# See /LICENSE for more information.
#
+config EXPERIMENTAL
+ bool "Enable experimental features by default"
+ default n
+ help
+ Set this option to build with latest bleeding edge features
+ which may or may not work as expected.
+ If you would like to help the development of OpenWrt, you are
+ encouraged to set this option and provide feedback (both
+ positive and negative). But do so only if you know how to
+ recover your device in case of flashing potentially non-working
+ firmware.
+
+ If you plan to use this build in production, say NO!
+
menu "Global build settings"
config JSON_OVERVIEW_IMAGE_INFO
config TESTING_KERNEL
bool "Use the testing kernel version"
depends on HAS_TESTING_KERNEL
- default n
+ default EXPERIMENTAL
help
If the target supports a newer kernel version than the default,
you can use this config option to enable it
help
Specifies arguments passed to the strip command when stripping binaries.
+ config SSTRIP_ARGS
+ string
+ prompt "Sstrip arguments"
+ depends on USE_SSTRIP
+ default "-z"
+ help
+ Specifies arguments passed to the sstrip command when stripping binaries.
+
config STRIP_KERNEL_EXPORTS
bool "Strip unnecessary exports from the kernel image"
help
config USE_UCLIBCXX
bool "uClibc++"
- config USE_LIBCXX
- bool "libc++"
- depends on !USE_UCLIBC
-
config USE_LIBSTDCXX
bool "libstdc++"
endchoice
bool "Strong"
endchoice
- config KERNEL_STACKPROTECTOR
+ config KERNEL_STACKPROTECTOR
bool
default KERNEL_CC_STACKPROTECTOR_REGULAR || KERNEL_CC_STACKPROTECTOR_STRONG
- config KERNEL_STACKPROTECTOR_STRONG
+ config KERNEL_STACKPROTECTOR_STRONG
bool
default KERNEL_CC_STACKPROTECTOR_STRONG
bool "Full"
endchoice
+ config TARGET_ROOTFS_SECURITY_LABELS
+ bool
+ select KERNEL_SQUASHFS_XATTR
+ select KERNEL_EXT4_FS_SECURITY
+ select KERNEL_F2FS_FS_SECURITY
+ select KERNEL_UBIFS_FS_SECURITY
+ select KERNEL_JFFS2_FS_SECURITY
+
+ config SELINUX
+ bool "Enable SELinux"
+ select KERNEL_SECURITY_SELINUX
+ select TARGET_ROOTFS_SECURITY_LABELS
+ select PACKAGE_procd-selinux
+ select PACKAGE_busybox-selinux
+ help
+ This option enables SELinux kernel features, applies security labels
+ in squashfs rootfs and selects the selinux-variants of busybox and procd.
+
+ Selecting this option results in about 0.5MiB of additional flash space
+ usage accounting for increased kernel and rootfs size.
+
+ choice
+ prompt "default SELinux type"
+ depends on TARGET_ROOTFS_SECURITY_LABELS
+ default SELINUXTYPE_dssp
+ help
+ Select SELinux policy to be installed and used for applying rootfs labels.
+
+ config SELINUXTYPE_targeted
+ bool "targeted"
+ select PACKAGE_refpolicy
+ help
+ SELinux Reference Policy (refpolicy)
+
+ config SELINUXTYPE_dssp
+ bool "dssp"
+ select PACKAGE_selinux-policy
+ help
+ Defensec SELinux Security Policy -- OpenWrt edition
+
+ endchoice
+
endmenu