diff options
-rw-r--r-- | extra/linux-zen/PKGBUILD | 6 | ||||
-rw-r--r-- | extra/linux-zen/config | 49 |
2 files changed, 44 insertions, 11 deletions
diff --git a/extra/linux-zen/PKGBUILD b/extra/linux-zen/PKGBUILD index e5262aa2..5adcd9d6 100644 --- a/extra/linux-zen/PKGBUILD +++ b/extra/linux-zen/PKGBUILD @@ -1,9 +1,9 @@ -# upstream git revision: 2edc3f8d648d3f161a9593c0a41332dae246cdfd +# upstream git revision: 43d12d0306ae85803a356caabd0b384eb917c80e # fail if upstream's .config changes for ((i=0; i<${#sha256sums[@]}; i++)); do - if [ "${sha256sums[${i}]}" = 'fd5a7203579777ab2c0deb3bcdf94ded8a4422fefc81506b98c3bce8070b5a8f' ]; then - sha256sums[${i}]='e7d5065e6e43f11c1964010da469e6b9e38a73aba40fac99a8cdace18be86ae2' + if [ "${sha256sums[${i}]}" = '8a852e70606513c77fc513d6ef970273345cc895d90e3f283ae103853bf50c41' ]; then + sha256sums[${i}]='7c355407a2827005bc200e302ab578287fb40d540d95a10b9191151e1c816302' fi done diff --git a/extra/linux-zen/config b/extra/linux-zen/config index 0f7ee4d3..e0dab22e 100644 --- a/extra/linux-zen/config +++ b/extra/linux-zen/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.18.6-zen1 Kernel Configuration +# Linux/x86 4.18.9-zen1 Kernel Configuration # # @@ -78,8 +78,11 @@ CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_CROSS_MEMORY_ATTACH=y # CONFIG_USELIB is not set -# CONFIG_AUDIT is not set +CONFIG_AUDIT=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y +CONFIG_AUDITSYSCALL=y +CONFIG_AUDIT_WATCH=y +CONFIG_AUDIT_TREE=y # # IRQ subsystem @@ -355,7 +358,15 @@ CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS=y # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=y @@ -1194,6 +1205,7 @@ CONFIG_NETFILTER_XT_SET=m # # Xtables targets # +# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m CONFIG_NETFILTER_XT_TARGET_CONNMARK=m @@ -9281,9 +9293,10 @@ CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set CONFIG_EARLY_PRINTK_EFI=y # CONFIG_EARLY_PRINTK_USB_XDBC is not set +CONFIG_X86_PTDUMP_CORE=y # CONFIG_X86_PTDUMP is not set # CONFIG_EFI_PGT_DUMP is not set -# CONFIG_DEBUG_WX is not set +CONFIG_DEBUG_WX=y CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=y @@ -9324,18 +9337,36 @@ CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_FALLBACK=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set +CONFIG_SECURITY_APPARMOR=y +CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 +CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_EVM is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m @@ -9439,7 +9470,7 @@ CONFIG_CRYPTO_RMD256=m CONFIG_CRYPTO_RMD320=m CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=m +CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_SHA3=m CONFIG_CRYPTO_SM3=m CONFIG_CRYPTO_TGR192=m @@ -9469,7 +9500,7 @@ CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SERPENT_SSE2_586=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m +# CONFIG_CRYPTO_SPECK is not set CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m @@ -9534,6 +9565,7 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set @@ -9592,6 +9624,7 @@ CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m CONFIG_XXHASH=m +CONFIG_AUDIT_GENERIC=y # CONFIG_RANDOM32_SELFTEST is not set CONFIG_842_COMPRESS=m CONFIG_842_DECOMPRESS=m |