Kconfig (78dc53c422172a317adb0776dfb687057ffa28b7) Kconfig (79bd9814e5ec9a288d6599f53aeac0b548fdfe52)
1config ARCH
2 string
3 option env="ARCH"
4
5config KERNELVERSION
6 string
7 option env="KERNELVERSION"
8

--- 270 unchanged lines hidden (view full) ---

279 help
280 Enable auditing infrastructure that can be used with another
281 kernel subsystem, such as SELinux (which requires this for
282 logging of avc messages output). Does not do system-call
283 auditing without CONFIG_AUDITSYSCALL.
284
285config AUDITSYSCALL
286 bool "Enable system-call auditing support"
1config ARCH
2 string
3 option env="ARCH"
4
5config KERNELVERSION
6 string
7 option env="KERNELVERSION"
8

--- 270 unchanged lines hidden (view full) ---

279 help
280 Enable auditing infrastructure that can be used with another
281 kernel subsystem, such as SELinux (which requires this for
282 logging of avc messages output). Does not do system-call
283 auditing without CONFIG_AUDITSYSCALL.
284
285config AUDITSYSCALL
286 bool "Enable system-call auditing support"
287 depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT))
287 depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT))
288 default y if SECURITY_SELINUX
289 help
290 Enable low-overhead system-call auditing infrastructure that
291 can be used independently or with another kernel subsystem,
292 such as SELinux.
293
294config AUDIT_WATCH
295 def_bool y
296 depends on AUDITSYSCALL
297 select FSNOTIFY
298
299config AUDIT_TREE
300 def_bool y
301 depends on AUDITSYSCALL
302 select FSNOTIFY
303
288 default y if SECURITY_SELINUX
289 help
290 Enable low-overhead system-call auditing infrastructure that
291 can be used independently or with another kernel subsystem,
292 such as SELinux.
293
294config AUDIT_WATCH
295 def_bool y
296 depends on AUDITSYSCALL
297 select FSNOTIFY
298
299config AUDIT_TREE
300 def_bool y
301 depends on AUDITSYSCALL
302 select FSNOTIFY
303
304config AUDIT_LOGINUID_IMMUTABLE
305 bool "Make audit loginuid immutable"
306 depends on AUDIT
307 help
308 The config option toggles if a task setting its loginuid requires
309 CAP_SYS_AUDITCONTROL or if that task should require no special permissions
310 but should instead only allow setting its loginuid if it was never
311 previously set. On systems which use systemd or a similar central
312 process to restart login services this should be set to true. On older
313 systems in which an admin would typically have to directly stop and
314 start processes this should be set to false. Setting this to true allows
315 one to drop potentially dangerous capabilites from the login tasks,
316 but may not be backwards compatible with older init systems.
317
304source "kernel/irq/Kconfig"
305source "kernel/time/Kconfig"
306
307menu "CPU/Task time and stats accounting"
308
309config VIRT_CPU_ACCOUNTING
310 bool
311

--- 23 unchanged lines hidden (view full) ---

335 kernel entry and exit and on transitions within the kernel
336 between system, softirq and hardirq state, so there is a
337 small performance impact. In the case of s390 or IBM POWER > 5,
338 this also enables accounting of stolen time on logically-partitioned
339 systems.
340
341config VIRT_CPU_ACCOUNTING_GEN
342 bool "Full dynticks CPU time accounting"
318source "kernel/irq/Kconfig"
319source "kernel/time/Kconfig"
320
321menu "CPU/Task time and stats accounting"
322
323config VIRT_CPU_ACCOUNTING
324 bool
325

--- 23 unchanged lines hidden (view full) ---

349 kernel entry and exit and on transitions within the kernel
350 between system, softirq and hardirq state, so there is a
351 small performance impact. In the case of s390 or IBM POWER > 5,
352 this also enables accounting of stolen time on logically-partitioned
353 systems.
354
355config VIRT_CPU_ACCOUNTING_GEN
356 bool "Full dynticks CPU time accounting"
343 depends on HAVE_CONTEXT_TRACKING
344 depends on HAVE_VIRT_CPU_ACCOUNTING_GEN
357 depends on HAVE_CONTEXT_TRACKING && 64BIT
345 select VIRT_CPU_ACCOUNTING
346 select CONTEXT_TRACKING
347 help
348 Select this option to enable task and CPU time accounting on full
349 dynticks systems. This accounting is implemented by watching every
350 kernel-user boundaries using the context tracking subsystem.
351 The accounting is thus performed at the expense of some significant
352 overhead.

--- 473 unchanged lines hidden (view full) ---

826 depends on ARCH_WANTS_PROT_NUMA_PROT_NONE
827 depends on NUMA_BALANCING
828
829config NUMA_BALANCING_DEFAULT_ENABLED
830 bool "Automatically enable NUMA aware memory/task placement"
831 default y
832 depends on NUMA_BALANCING
833 help
358 select VIRT_CPU_ACCOUNTING
359 select CONTEXT_TRACKING
360 help
361 Select this option to enable task and CPU time accounting on full
362 dynticks systems. This accounting is implemented by watching every
363 kernel-user boundaries using the context tracking subsystem.
364 The accounting is thus performed at the expense of some significant
365 overhead.

--- 473 unchanged lines hidden (view full) ---

839 depends on ARCH_WANTS_PROT_NUMA_PROT_NONE
840 depends on NUMA_BALANCING
841
842config NUMA_BALANCING_DEFAULT_ENABLED
843 bool "Automatically enable NUMA aware memory/task placement"
844 default y
845 depends on NUMA_BALANCING
846 help
834 If set, automatic NUMA balancing will be enabled if running on a NUMA
847 If set, autonumic NUMA balancing will be enabled if running on a NUMA
835 machine.
836
837config NUMA_BALANCING
838 bool "Memory placement aware NUMA scheduler"
839 depends on ARCH_SUPPORTS_NUMA_BALANCING
840 depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY
841 depends on SMP && NUMA && MIGRATION
842 help
843 This option adds support for automatic NUMA aware memory/task placement.
844 The mechanism is quite primitive and is based on migrating memory when
848 machine.
849
850config NUMA_BALANCING
851 bool "Memory placement aware NUMA scheduler"
852 depends on ARCH_SUPPORTS_NUMA_BALANCING
853 depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY
854 depends on SMP && NUMA && MIGRATION
855 help
856 This option adds support for automatic NUMA aware memory/task placement.
857 The mechanism is quite primitive and is based on migrating memory when
845 it has references to the node the task is running on.
858 it is references to the node the task is running on.
846
847 This system will be inactive on UMA systems.
848
849menuconfig CGROUPS
850 boolean "Control Group support"
859
860 This system will be inactive on UMA systems.
861
862menuconfig CGROUPS
863 boolean "Control Group support"
851 depends on EVENTFD
852 help
853 This option adds support for grouping sets of processes together, for
854 use with process control subsystems such as Cpusets, CFS, memory
855 controls or device isolation.
856 See
857 - Documentation/scheduler/sched-design-CFS.txt (CFS)
858 - Documentation/cgroups/ (features for grouping, isolation
859 and resource control)

--- 50 unchanged lines hidden (view full) ---

910 help
911 This option enables controller independent resource accounting
912 infrastructure that works with cgroups.
913
914config MEMCG
915 bool "Memory Resource Controller for Control Groups"
916 depends on RESOURCE_COUNTERS
917 select MM_OWNER
864 help
865 This option adds support for grouping sets of processes together, for
866 use with process control subsystems such as Cpusets, CFS, memory
867 controls or device isolation.
868 See
869 - Documentation/scheduler/sched-design-CFS.txt (CFS)
870 - Documentation/cgroups/ (features for grouping, isolation
871 and resource control)

--- 50 unchanged lines hidden (view full) ---

922 help
923 This option enables controller independent resource accounting
924 infrastructure that works with cgroups.
925
926config MEMCG
927 bool "Memory Resource Controller for Control Groups"
928 depends on RESOURCE_COUNTERS
929 select MM_OWNER
930 select EVENTFD
918 help
919 Provides a memory resource controller that manages both anonymous
920 memory and page cache. (See Documentation/cgroups/memory.txt)
921
922 Note that setting this option increases fixed memory overhead
923 associated with each page of memory in the system. By this,
924 8(16)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
925 usage tracking struct at boot. Total amount of this is printed out

--- 223 unchanged lines hidden (view full) ---

1149 help
1150 While the nececessary conversions are being added to all subsystems this option allows
1151 the code to continue to build for unconverted subsystems.
1152
1153 Say Y here if you want the strict type checking enabled
1154
1155config SCHED_AUTOGROUP
1156 bool "Automatic process group scheduling"
931 help
932 Provides a memory resource controller that manages both anonymous
933 memory and page cache. (See Documentation/cgroups/memory.txt)
934
935 Note that setting this option increases fixed memory overhead
936 associated with each page of memory in the system. By this,
937 8(16)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
938 usage tracking struct at boot. Total amount of this is printed out

--- 223 unchanged lines hidden (view full) ---

1162 help
1163 While the nececessary conversions are being added to all subsystems this option allows
1164 the code to continue to build for unconverted subsystems.
1165
1166 Say Y here if you want the strict type checking enabled
1167
1168config SCHED_AUTOGROUP
1169 bool "Automatic process group scheduling"
1157 select EVENTFD
1158 select CGROUPS
1159 select CGROUP_SCHED
1160 select FAIR_GROUP_SCHED
1161 help
1162 This option optimizes the scheduler for common desktop workloads by
1163 automatically creating and populating task groups. This separation
1164 of workloads isolates aggressive CPU burners (like build jobs) from
1165 desktop applications. Task group autogeneration is currently based

--- 484 unchanged lines hidden (view full) ---

1650config RT_MUTEXES
1651 boolean
1652
1653config BASE_SMALL
1654 int
1655 default 0 if BASE_FULL
1656 default 1 if !BASE_FULL
1657
1170 select CGROUPS
1171 select CGROUP_SCHED
1172 select FAIR_GROUP_SCHED
1173 help
1174 This option optimizes the scheduler for common desktop workloads by
1175 automatically creating and populating task groups. This separation
1176 of workloads isolates aggressive CPU burners (like build jobs) from
1177 desktop applications. Task group autogeneration is currently based

--- 484 unchanged lines hidden (view full) ---

1662config RT_MUTEXES
1663 boolean
1664
1665config BASE_SMALL
1666 int
1667 default 0 if BASE_FULL
1668 default 1 if !BASE_FULL
1669
1658config SYSTEM_TRUSTED_KEYRING
1659 bool "Provide system-wide ring of trusted keys"
1660 depends on KEYS
1661 help
1662 Provide a system keyring to which trusted keys can be added. Keys in
1663 the keyring are considered to be trusted. Keys may be added at will
1664 by the kernel from compiled-in data and from hardware key stores, but
1665 userspace may only add extra keys if those keys can be verified by
1666 keys already in the keyring.
1667
1668 Keys in this keyring are used by module signature checking.
1669
1670menuconfig MODULES
1671 bool "Enable loadable module support"
1672 option modules
1673 help
1674 Kernel modules are small pieces of compiled code which can
1675 be inserted in the running kernel, rather than being
1676 permanently built into the kernel. You use the "modprobe"
1677 tool to add (and sometimes remove) them. If you say Y here,

--- 57 unchanged lines hidden (view full) ---

1735 see exactly which source was used to build a module (since
1736 others sometimes change the module source without updating
1737 the version). With this option, such a "srcversion" field
1738 will be created for all modules. If unsure, say N.
1739
1740config MODULE_SIG
1741 bool "Module signature verification"
1742 depends on MODULES
1670menuconfig MODULES
1671 bool "Enable loadable module support"
1672 option modules
1673 help
1674 Kernel modules are small pieces of compiled code which can
1675 be inserted in the running kernel, rather than being
1676 permanently built into the kernel. You use the "modprobe"
1677 tool to add (and sometimes remove) them. If you say Y here,

--- 57 unchanged lines hidden (view full) ---

1735 see exactly which source was used to build a module (since
1736 others sometimes change the module source without updating
1737 the version). With this option, such a "srcversion" field
1738 will be created for all modules. If unsure, say N.
1739
1740config MODULE_SIG
1741 bool "Module signature verification"
1742 depends on MODULES
1743 select SYSTEM_TRUSTED_KEYRING
1744 select KEYS
1745 select CRYPTO
1746 select ASYMMETRIC_KEY_TYPE
1747 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
1748 select PUBLIC_KEY_ALGO_RSA
1749 select ASN1
1750 select OID_REGISTRY
1751 select X509_CERTIFICATE_PARSER

--- 111 unchanged lines hidden ---
1743 select KEYS
1744 select CRYPTO
1745 select ASYMMETRIC_KEY_TYPE
1746 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
1747 select PUBLIC_KEY_ALGO_RSA
1748 select ASN1
1749 select OID_REGISTRY
1750 select X509_CERTIFICATE_PARSER

--- 111 unchanged lines hidden ---