SOURCES: kernel-desktop-grsec.config - removed all but grsec-minim...
sparky
sparky at pld-linux.org
Fri Jun 23 22:06:14 CEST 2006
Author: sparky Date: Fri Jun 23 20:06:14 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- removed all but grsec-minimal options
---- Files affected:
SOURCES:
kernel-desktop-grsec.config (1.1 -> 1.2)
---- Diffs:
================================================================
Index: SOURCES/kernel-desktop-grsec.config
diff -u SOURCES/kernel-desktop-grsec.config:1.1 SOURCES/kernel-desktop-grsec.config:1.2
--- SOURCES/kernel-desktop-grsec.config:1.1 Mon Jun 19 13:29:50 2006
+++ SOURCES/kernel-desktop-grsec.config Fri Jun 23 22:06:09 2006
@@ -2,26 +2,6 @@
# Grsecurity
#
CONFIG_GRKERNSEC=y
-# CONFIG_GRKERNSEC_LOW is not set
-# CONFIG_GRKERNSEC_MEDIUM is not set
-# CONFIG_GRKERNSEC_HIGH is not set
-CONFIG_GRKERNSEC_CUSTOM=y
-
-#
-# Address Space Protection
-#
-# CONFIG_GRKERNSEC_KMEM is not set
-# CONFIG_GRKERNSEC_IO is not set
-CONFIG_GRKERNSEC_BRUTE=y
-CONFIG_GRKERNSEC_MODSTOP=y
-# CONFIG_GRKERNSEC_HIDESYM is not set
-
-#
-# Role Based Access Control Options
-#
-CONFIG_GRKERNSEC_ACL_HIDEKERN=y
-CONFIG_GRKERNSEC_ACL_MAXTRIES=3
-CONFIG_GRKERNSEC_ACL_TIMEOUT=30
#
# Filesystem Protections
@@ -33,77 +13,19 @@
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
-CONFIG_GRKERNSEC_CHROOT=y
-CONFIG_GRKERNSEC_CHROOT_MOUNT=y
-CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
-CONFIG_GRKERNSEC_CHROOT_PIVOT=y
-CONFIG_GRKERNSEC_CHROOT_CHDIR=y
-CONFIG_GRKERNSEC_CHROOT_CHMOD=y
-CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
-CONFIG_GRKERNSEC_CHROOT_MKNOD=y
-CONFIG_GRKERNSEC_CHROOT_SHMAT=y
-CONFIG_GRKERNSEC_CHROOT_UNIX=y
-CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
-CONFIG_GRKERNSEC_CHROOT_NICE=y
-CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
-CONFIG_GRKERNSEC_CHROOT_CAPS=y
#
# Kernel Auditing
#
-CONFIG_GRKERNSEC_AUDIT_GROUP=y
-CONFIG_GRKERNSEC_AUDIT_GID=1007
-CONFIG_GRKERNSEC_EXECLOG=y
-CONFIG_GRKERNSEC_RESLOG=y
-CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
-CONFIG_GRKERNSEC_AUDIT_CHDIR=y
-CONFIG_GRKERNSEC_AUDIT_MOUNT=y
-CONFIG_GRKERNSEC_AUDIT_IPC=y
-CONFIG_GRKERNSEC_SIGNAL=y
-CONFIG_GRKERNSEC_FORKFAIL=y
-CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
-# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
#
# Executable Protections
#
-CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
-CONFIG_GRKERNSEC_DMESG=y
-CONFIG_GRKERNSEC_RANDPID=y
-CONFIG_GRKERNSEC_TPE=y
-CONFIG_GRKERNSEC_TPE_ALL=y
-# CONFIG_GRKERNSEC_TPE_INVERT is not set
-CONFIG_GRKERNSEC_TPE_GID=65500
-
-#
-# Network Protections
-#
-CONFIG_GRKERNSEC_RANDNET=y
-CONFIG_GRKERNSEC_SOCKET=y
-CONFIG_GRKERNSEC_SOCKET_ALL=y
-CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501
-CONFIG_GRKERNSEC_SOCKET_CLIENT=y
-CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502
-CONFIG_GRKERNSEC_SOCKET_SERVER=y
-CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503
#
# Sysctl support
#
CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_ON is not set
-
-#
-# Logging Options
-#
-CONFIG_GRKERNSEC_FLOODTIME=10
-CONFIG_GRKERNSEC_FLOODBURST=10
-
-#
-# PaX
-#
-# CONFIG_PAX is not set
-
-CONFIG_IP_NF_MATCH_STEALTH=m
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/kernel-desktop-grsec.config?r1=1.1&r2=1.2&f=u
More information about the pld-cvs-commit
mailing list