-# Copyright (C) 2006-2014 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
+# SPDX-License-Identifier: GPL-2.0-only
#
+# Copyright (C) 2006-2014 OpenWrt.org
config KERNEL_BUILD_USER
string "Custom Kernel Build User Name"
bool "Enable support for printk"
default y
-config KERNEL_CRASHLOG
- bool "Crash logging"
- depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64)
- default y
-
config KERNEL_SWAP
bool "Support for paging of anonymous memory (swap)"
default y if !SMALL_FLASH
+config KERNEL_PROC_STRIPPED
+ bool "Strip non-essential /proc functionality to reduce code size"
+ default y if SMALL_FLASH
+
config KERNEL_DEBUG_FS
bool "Compile the kernel with debug filesystem enabled"
default y
write to these files. Many common debugging facilities, such as
ftrace, require the existence of debugfs.
-# remove KERNEL_MIPS_FPU_EMULATOR after kernel 4.14 and 4.14 are gone
-config KERNEL_MIPS_FPU_EMULATOR
- bool "Compile the kernel with MIPS FPU Emulator"
- default y if TARGET_pistachio
- depends on (mips || mipsel || mips64 || mips64el)
-
config KERNEL_MIPS_FP_SUPPORT
bool
- default y if KERNEL_MIPS_FPU_EMULATOR
+ default y if TARGET_pistachio
config KERNEL_ARM_PMU
bool
- default n
+ default y if TARGET_armsr_armv8
depends on (arm || aarch64)
+config KERNEL_ARM_PMUV3
+ bool
+ default y if TARGET_armsr_armv8
+ depends on (arm_v7 || aarch64) && LINUX_6_6
+
+config KERNEL_RISCV_PMU
+ bool
+ select KERNEL_RISCV_PMU_SBI
+ depends on riscv64
+
+config KERNEL_RISCV_PMU_SBI
+ bool
+ depends on riscv64
+
config KERNEL_X86_VSYSCALL_EMULATION
bool "Enable vsyscall emulation"
- default n
depends on x86_64
help
This enables emulation of the legacy vsyscall page. Disabling
config KERNEL_PERF_EVENTS
bool "Compile the kernel with performance events and counters"
- default n
select KERNEL_ARM_PMU if (arm || aarch64)
+ select KERNEL_ARM_PMUV3 if (arm_v7 || aarch64) && LINUX_6_6
+ select KERNEL_RISCV_PMU if riscv64
config KERNEL_PROFILING
bool "Compile the kernel with profiling enabled"
- default n
select KERNEL_PERF_EVENTS
help
Enable the extended profiling support mechanisms used by profilers such
as OProfile.
+config KERNEL_RPI_AXIPERF
+ bool "Compile the kernel with RaspberryPi AXI Performance monitors"
+ default y
+ depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
+
config KERNEL_UBSAN
bool "Compile the kernel with undefined behaviour sanity checker"
help
Enabling this option on architectures that support unaligned
accesses may produce a lot of false positives.
+config KERNEL_UBSAN_BOUNDS
+ bool "Perform array index bounds checking"
+ depends on KERNEL_UBSAN
+ help
+ This option enables detection of directly indexed out of bounds array
+ accesses, where the array size is known at compile time. Note that
+ this does not protect array overflows via bad calls to the
+ {str,mem}*cpy() family of functions (that is addressed by
+ FORTIFY_SOURCE).
+
config KERNEL_UBSAN_NULL
bool "Enable checking of null pointers"
depends on KERNEL_UBSAN
This option enables detection of memory accesses via a
null pointer.
+config KERNEL_UBSAN_TRAP
+ bool "On Sanitizer warnings, abort the running kernel code"
+ depends on KERNEL_UBSAN
+ help
+ Building kernels with Sanitizer features enabled tends to grow the
+ kernel size by around 5%, due to adding all the debugging text on
+ failure paths. To avoid this, Sanitizer instrumentation can just
+ issue a trap. This reduces the kernel size overhead but turns all
+ warnings (including potentially harmless conditions) into full
+ exceptions that abort the running kernel code (regardless of context,
+ locks held, etc), which may destabilize the system. For some system
+ builders this is an acceptable trade-off.
+
config KERNEL_KASAN
bool "Compile the kernel with KASan: runtime memory debugger"
select KERNEL_SLUB_DEBUG
- depends on (x86_64 || aarch64)
+ depends on (x86_64 || aarch64 || arm || powerpc || riscv64)
help
Enables kernel address sanitizer - runtime memory debugger,
designed to find out-of-bounds accesses and use-after-free bugs.
compile time.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
+config KERNEL_KASAN_VMALLOC
+ bool "Back mappings in vmalloc space with real shadow memory"
+ depends on KERNEL_KASAN
+ help
+ By default, the shadow region for vmalloc space is the read-only
+ zero page. This means that KASAN cannot detect errors involving
+ vmalloc space.
+
+ Enabling this option will hook in to vmap/vmalloc and back those
+ mappings with real shadow memory allocated on demand. This allows
+ for KASAN to detect more sorts of errors (and to support vmapped
+ stacks), but at the cost of higher memory usage.
+
+ This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
+ depend on that in here, so it is possible that enabling this
+ will have no effect.
+
+if KERNEL_KASAN
+choice
+ prompt "KASAN mode"
+ depends on KERNEL_KASAN
+ default KERNEL_KASAN_GENERIC
+ help
+ KASAN has three modes:
+
+ 1. Generic KASAN (supported by many architectures, enabled with
+ CONFIG_KASAN_GENERIC, similar to userspace ASan),
+ 2. Software Tag-Based KASAN (arm64 only, based on software memory
+ tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
+ HWASan), and
+ 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
+ tagging, enabled with CONFIG_KASAN_HW_TAGS).
+
+config KERNEL_KASAN_GENERIC
+ bool "Generic KASAN"
+ select KERNEL_SLUB_DEBUG
+ help
+ Enables Generic KASAN.
+
+ Consumes about 1/8th of available memory at kernel start and adds an
+ overhead of ~50% for dynamic allocations.
+ The performance slowdown is ~x3.
+
+config KERNEL_KASAN_SW_TAGS
+ bool "Software Tag-Based KASAN"
+ depends on aarch64
+ select KERNEL_SLUB_DEBUG
+ help
+ Enables Software Tag-Based KASAN.
+
+ Supported only on arm64 CPUs and relies on Top Byte Ignore.
+
+ Consumes about 1/16th of available memory at kernel start and
+ add an overhead of ~20% for dynamic allocations.
+
+ May potentially introduce problems related to pointer casting and
+ comparison, as it embeds a tag into the top byte of each pointer.
+
+config KERNEL_KASAN_HW_TAGS
+ bool "Hardware Tag-Based KASAN"
+ depends on aarch64
+ select KERNEL_SLUB_DEBUG
+ select KERNEL_ARM64_MTE
+ help
+ Enables Hardware Tag-Based KASAN.
+
+ Supported only on arm64 CPUs starting from ARMv8.5 and relies on
+ Memory Tagging Extension and Top Byte Ignore.
+
+ Consumes about 1/32nd of available memory.
+
+ May potentially introduce problems related to pointer casting and
+ comparison, as it embeds a tag into the top byte of each pointer.
+
+endchoice
+
+ config KERNEL_ARM64_MTE
+ def_bool n
+
+endif
choice
prompt "Instrumentation type"
depends on KERNEL_KASAN
+ depends on !KERNEL_KASAN_HW_TAGS
default KERNEL_KASAN_OUTLINE
config KERNEL_KASAN_OUTLINE
config KERNEL_TASKSTATS
bool "Compile the kernel with task resource/io statistics and accounting"
- default n
help
Enable the collection and publishing of task/io statistics and
accounting. Enable this option to enable i/o monitoring in system
config KERNEL_FTRACE
bool "Compile the kernel with tracing support"
depends on !TARGET_uml
- default n
config KERNEL_FTRACE_SYSCALLS
bool "Trace system calls"
depends on KERNEL_FTRACE
- default n
config KERNEL_ENABLE_DEFAULT_TRACERS
bool "Trace process context switches and events"
depends on KERNEL_FTRACE
- default n
config KERNEL_FUNCTION_TRACER
bool "Function tracer"
depends on KERNEL_FTRACE
- default n
config KERNEL_FUNCTION_GRAPH_TRACER
bool "Function graph tracer"
depends on KERNEL_FUNCTION_TRACER
- default n
config KERNEL_DYNAMIC_FTRACE
bool "Enable/disable function tracing dynamically"
depends on KERNEL_FUNCTION_TRACER
- default n
config KERNEL_FUNCTION_PROFILER
bool "Function profiler"
depends on KERNEL_FUNCTION_TRACER
- default n
+
+config KERNEL_IRQSOFF_TRACER
+ bool "Interrupts-off Latency Tracer"
+ depends on KERNEL_FTRACE
+ help
+ This option measures the time spent in irqs-off critical
+ sections, with microsecond accuracy.
+
+ The default measurement method is a maximum search, which is
+ disabled by default and can be runtime (re-)started
+ via:
+
+ echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
+
+ (Note that kernel size and overhead increase with this option
+ enabled. This option and the preempt-off timing option can be
+ used together or separately.)
+
+config KERNEL_PREEMPT_TRACER
+ bool "Preemption-off Latency Tracer"
+ depends on KERNEL_FTRACE
+ help
+ This option measures the time spent in preemption-off critical
+ sections, with microsecond accuracy.
+
+ The default measurement method is a maximum search, which is
+ disabled by default and can be runtime (re-)started
+ via:
+
+ echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
+
+ (Note that kernel size and overhead increase with this option
+ enabled. This option and the irqs-off timing option can be
+ used together or separately.)
+
+config KERNEL_HIST_TRIGGERS
+ bool "Histogram triggers"
+ depends on KERNEL_FTRACE
+ help
+ Hist triggers allow one or more arbitrary trace event fields to be
+ aggregated into hash tables and dumped to stdout by reading a
+ debugfs/tracefs file. They're useful for gathering quick and dirty
+ (though precise) summaries of event activity as an initial guide for
+ further investigation using more advanced tools.
+
+ Inter-event tracing of quantities such as latencies is also
+ supported using hist triggers under this option.
config KERNEL_DEBUG_KERNEL
bool
- default n
config KERNEL_DEBUG_INFO
bool "Compile the kernel with debug information"
help
This will compile your kernel and modules with debug information.
+config KERNEL_DEBUG_INFO_BTF
+
+ bool "Enable additional BTF type information"
+ depends on !HOST_OS_MACOS
+ depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
+ select DWARVES
+ help
+ Generate BPF Type Format (BTF) information from DWARF debug info.
+ Turning this on expects presence of pahole tool, which will convert
+ DWARF type info into equivalent deduplicated BTF type info.
+
+ Required to run BPF CO-RE applications.
+
+config KERNEL_MODULE_ALLOW_BTF_MISMATCH
+ bool "Allow loading modules with non-matching BTF type info"
+ depends on KERNEL_DEBUG_INFO_BTF
+ help
+ For modules whose split BTF does not match vmlinux, load without
+ BTF rather than refusing to load. The default behavior with
+ module BTF enabled is to reject modules with such mismatches;
+ this option will still load module BTF where possible but ignore
+ it when a mismatch is found.
+
+config KERNEL_DEBUG_INFO_REDUCED
+ bool "Reduce debugging information"
+ default y
+ depends on KERNEL_DEBUG_INFO
+ help
+ If you say Y here gcc is instructed to generate less debugging
+ information for structure types. This means that tools that
+ need full debugging information (like kgdb or systemtap) won't
+ be happy. But if you merely need debugging information to
+ resolve line numbers there is no loss. Advantage is that
+ build directory object sizes shrink dramatically over a full
+ DEBUG_INFO build and compile times are reduced too.
+ Only works with newer gcc versions.
+
+config KERNEL_FRAME_WARN
+ int
+ range 0 8192
+ default 1280 if KERNEL_KASAN && !ARCH_64BIT
+ default 1024 if !ARCH_64BIT
+ default 2048 if ARCH_64BIT
+ help
+ Tell the compiler to warn at build time for stack frames larger than this.
+ Setting this too low will cause a lot of warnings.
+ Setting it to 0 disables the warning.
+
+# KERNEL_DEBUG_LL symbols must have the default value set as otherwise
+# KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected
+# which means that buildroot wont override the DEBUG_LL symbols in target
+# kernel configurations and lead to devices that dont have working console
config KERNEL_DEBUG_LL_UART_NONE
bool
default n
help
ARM low level debugging.
+config KERNEL_DEBUG_VIRTUAL
+ bool "Compile the kernel with VM translations debugging"
+ select KERNEL_DEBUG_KERNEL
+ help
+ Enable checks sanity checks to catch invalid uses of
+ virt_to_phys()/phys_to_virt() against the non-linear address space.
+
config KERNEL_DYNAMIC_DEBUG
bool "Compile the kernel with dynamic printk"
select KERNEL_DEBUG_FS
- default n
help
Compiles debug level messages into the kernel, which would not
otherwise be available at runtime. These messages can then be
config KERNEL_EARLY_PRINTK
bool "Compile the kernel with early printk"
default y if TARGET_bcm53xx
- default n
depends on arm
select KERNEL_DEBUG_KERNEL
select KERNEL_DEBUG_LL if arm
config KERNEL_KPROBES
bool "Compile the kernel with kprobes support"
- default n
select KERNEL_FTRACE
select KERNEL_PERF_EVENTS
help
instrumentation and testing.
If in doubt, say "N".
-config KERNEL_KPROBE_EVENT
+config KERNEL_KPROBE_EVENTS
bool
default y if KERNEL_KPROBES
-config KERNEL_KPROBE_EVENTS
+config KERNEL_BPF_EVENTS
+ bool "Compile the kernel with BPF event support"
+ select KERNEL_KPROBES
+ help
+ Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
+ This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
+ for sending data from BPF programs to user-space for post-processing
+ or logging.
+
+config KERNEL_BPF_KPROBE_OVERRIDE
bool
- default y if KERNEL_KPROBES
+ depends on KERNEL_KPROBES
+ default n
config KERNEL_AIO
bool "Compile the kernel with asynchronous IO support"
default y if !SMALL_FLASH
+config KERNEL_IO_URING
+ bool "Compile the kernel with io_uring support"
+ depends on !SMALL_FLASH
+ default y if (x86_64 || aarch64)
+
config KERNEL_FHANDLE
bool "Compile the kernel with support for fhandle syscalls"
default y if !SMALL_FLASH
config KERNEL_BLK_DEV_BSG
bool "Compile the kernel with SCSI generic v4 support for any block device"
- default n
config KERNEL_TRANSPARENT_HUGEPAGE
bool
bool "Compile the kernel with HugeTLB support"
select KERNEL_TRANSPARENT_HUGEPAGE
select KERNEL_HUGETLBFS
- default n
config KERNEL_MAGIC_SYSRQ
bool "Compile the kernel with SysRq support"
config KERNEL_PROVE_LOCKING
bool "Enable kernel lock checking"
select KERNEL_DEBUG_KERNEL
- default n
-config KERNEL_LOCKUP_DETECTOR
- bool "Compile the kernel with detect Hard and Soft Lockups"
+config KERNEL_SOFTLOCKUP_DETECTOR
+ bool "Compile the kernel with detect Soft Lockups"
depends on KERNEL_DEBUG_KERNEL
help
Say Y here to enable the kernel to act as a watchdog to detect
- hard and soft lockups.
+ soft lockups.
Softlockups are bugs that cause the kernel to loop in kernel
mode for more than 20 seconds, without giving other tasks a
chance to run. The current stack trace is displayed upon
detection and the system will stay locked up.
+config KERNEL_HARDLOCKUP_DETECTOR
+ bool "Compile the kernel with detect Hard Lockups"
+ depends on KERNEL_DEBUG_KERNEL
+ help
+ Say Y here to enable the kernel to act as a watchdog to detect
+ hard lockups.
+
Hardlockups are bugs that cause the CPU to loop in kernel mode
for more than 10 seconds, without letting other interrupts have a
chance to run. The current stack trace is displayed upon detection
and the system will stay locked up.
- The overhead should be minimal. A periodic hrtimer runs to
- generate interrupts and kick the watchdog task every 4 seconds.
- An NMI is generated every 10 seconds or so to check for hardlockups.
-
- The frequency of hrtimer and NMI events and the soft and hard lockup
- thresholds can be controlled through the sysctl watchdog_thresh.
-
config KERNEL_DETECT_HUNG_TASK
bool "Compile the kernel with detect Hung Tasks"
depends on KERNEL_DEBUG_KERNEL
- default KERNEL_LOCKUP_DETECTOR
+ default KERNEL_SOFTLOCKUP_DETECTOR
help
Say Y here to enable the kernel to detect "hung tasks",
which are bugs that cause the task to be stuck in
default y
config KERNEL_SLUB_DEBUG
- bool
+ bool "Enable SLUB debugging support"
+ help
+ This enables various debugging features:
+ - Accepts "slub_debug" kernel parameter
+ - Provides caches debugging options (e.g. tracing, validating)
+ - Adds /sys/kernel/slab/ attrs for reading amounts of *objects*
+ - Enables /proc/slabinfo support
+ - Prints info when running out of memory
+
+ Enabling this can result in a significant increase of code size.
config KERNEL_SLUB_DEBUG_ON
- bool
+ depends on KERNEL_SLUB_DEBUG
+ bool "Boot kernel with basic caches debugging enabled"
+ help
+ This enables by default sanity_checks, red_zone, poison and store_user
+ debugging options for all caches.
config KERNEL_SLABINFO
select KERNEL_SLUB_DEBUG
config USE_SPARSE
bool "Enable sparse check during kernel build"
- default n
config KERNEL_DEVTMPFS
bool "Compile the kernel with device tmpfs enabled"
- default n
help
devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
devices nodes for all registered devices to simplify boot, but leaves more
config KERNEL_DEVTMPFS_MOUNT
bool "Automatically mount devtmpfs after root filesystem is mounted"
- default n
endif
config KERNEL_KEYS
- bool "Enable kernel access key retention support"
- default n
+ bool "Enable kernel access key retention support"
+ default !SMALL_FLASH
config KERNEL_PERSISTENT_KEYRINGS
- bool "Enable kernel persistent keyrings"
- depends on KERNEL_KEYS
- default n
+ bool "Enable kernel persistent keyrings"
+ depends on KERNEL_KEYS
-config KERNEL_BIG_KEYS
- bool "Enable large payload keys on kernel keyrings"
- depends on KERNEL_KEYS
- default n
+config KERNEL_KEYS_REQUEST_CACHE
+ bool "Enable temporary caching of the last request_key() result"
+ depends on KERNEL_KEYS
-config KERNEL_ENCRYPTED_KEYS
- tristate "Enable keys with encrypted payloads on kernel keyrings"
- depends on KERNEL_KEYS
- default n
+config KERNEL_BIG_KEYS
+ bool "Enable large payload keys on kernel keyrings"
+ depends on KERNEL_KEYS
#
# CGROUP support symbols
config KERNEL_CGROUP_DEBUG
bool "Example debug cgroup subsystem"
- default n
help
This option enables a simple cgroup subsystem that
exports useful debugging information about the cgroups
config KERNEL_CGROUP_FREEZER
bool "legacy Freezer cgroup subsystem"
- default n
select KERNEL_FREEZER
help
Provides a way to freeze and unfreeze all tasks in a
config KERNEL_CGROUP_DEVICE
bool "legacy Device controller for cgroups"
- default n
help
Provides a cgroup implementing whitelists for devices which
a process in the cgroup can mknod or open.
config KERNEL_CGROUP_HUGETLB
bool "HugeTLB controller"
- default n
select KERNEL_HUGETLB_PAGE
config KERNEL_CGROUP_PIDS
config KERNEL_PROC_PID_CPUSET
bool "Include legacy /proc/<pid>/cpuset file"
- default n
depends on KERNEL_CPUSETS
config KERNEL_CGROUP_CPUACCT
bool "Memory Resource Controller for Control Groups"
default y
select KERNEL_FREEZER
- depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
+ depends on KERNEL_RESOURCE_COUNTERS
help
Provides a memory resource controller that manages both anonymous
memory and page cache. (See Documentation/cgroups/memory.txt)
config KERNEL_MEMCG_SWAP_ENABLED
bool "Memory Resource Controller Swap Extension enabled by default"
- default n
depends on KERNEL_MEMCG_SWAP
help
Memory Resource Controller Swap Extension comes with its price in
config KERNEL_CGROUP_PERF
bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
select KERNEL_PERF_EVENTS
- default n
help
This option extends the per-cpu mode to restrict monitoring to
threads which belong to the cgroup specified and run on the
config KERNEL_DEBUG_BLK_CGROUP
bool "Enable Block IO controller debugging"
- default n
depends on KERNEL_BLK_CGROUP
help
Enable some debugging help. Currently it exports additional stat
config KERNEL_NET_CLS_CGROUP
bool "legacy Control Group Classifier"
- default n
config KERNEL_CGROUP_NET_CLASSID
bool "legacy Network classid cgroup"
- default n
config KERNEL_CGROUP_NET_PRIO
bool "legacy Network priority cgroup"
- default n
endif
Multicast routing requires a multicast routing daemon in
addition to kernel support.
+if KERNEL_IP_MROUTE
+
+ config KERNEL_IP_MROUTE_MULTIPLE_TABLES
+ def_bool y
+
+ config KERNEL_IP_PIMSM_V1
+ def_bool y
+
+ config KERNEL_IP_PIMSM_V2
+ def_bool y
+
+endif
+
#
# IPv6 configuration
#
Multicast routing requires a multicast routing daemon in
addition to kernel support.
- config KERNEL_IPV6_PIMSM_V2
+ if KERNEL_IPV6_MROUTE
+
+ config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
+ def_bool y
+
+ config KERNEL_IPV6_PIMSM_V2
+ def_bool y
+
+ endif
+
+ config KERNEL_IPV6_SEG6_LWTUNNEL
+ bool "Enable support for lightweight tunnels"
+ default y if !SMALL_FLASH
+ help
+ Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
+
+ config KERNEL_LWTUNNEL_BPF
def_bool n
endif
+#
+# Miscellaneous network configuration
+#
+
+config KERNEL_NET_L3_MASTER_DEV
+ bool "L3 Master device support"
+ help
+ This module provides glue between core networking code and device
+ drivers to support L3 master devices like VRF.
+
+config KERNEL_XDP_SOCKETS
+ bool "XDP sockets support"
+ help
+ XDP sockets allows a channel between XDP programs and
+ userspace applications.
+
+config KERNEL_PAGE_POOL
+ def_bool n
+
+config KERNEL_PAGE_POOL_STATS
+ bool "Page pool stats support"
+ depends on KERNEL_PAGE_POOL
+
#
# NFS related symbols
#
menu "Filesystem ACL and attr support options"
config USE_FS_ACL_ATTR
bool "Use filesystem ACL and attr support by default"
- default n
help
Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
for kernel and packages, except tmpfs, flash filesystems,
config KERNEL_F2FS_FS_POSIX_ACL
bool "Enable POSIX ACL for F2FS Filesystems"
select KERNEL_FS_POSIX_ACL
- default n
config KERNEL_JFFS2_FS_POSIX_ACL
bool "Enable POSIX ACL for JFFS2 Filesystems"
select KERNEL_FS_POSIX_ACL
- default n
config KERNEL_TMPFS_POSIX_ACL
bool "Enable POSIX ACL for TMPFS Filesystems"
select KERNEL_FS_POSIX_ACL
- default n
config KERNEL_CIFS_ACL
bool "Enable CIFS ACLs"
config KERNEL_NFS_V3_ACL_SUPPORT
bool "Enable ACLs for NFSv3"
- default n
config KERNEL_NFSD_V2_ACL_SUPPORT
bool "Enable ACLs for NFSDv2"
- default n
config KERNEL_NFSD_V3_ACL_SUPPORT
bool "Enable ACLs for NFSDv3"
- default n
config KERNEL_REISER_FS_POSIX_ACL
bool "Enable POSIX ACLs for ReiserFS"
default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
default 3
+config KERNEL_SQUASHFS_XATTR
+ bool "Squashfs XATTR support"
+
#
-# compile optimiziation setting
+# compile optimization setting
#
choice
prompt "Compiler optimization level"
your compiler resulting in a smaller kernel.
endchoice
+
+config KERNEL_AUDIT
+ bool "Auditing support"
+
+config KERNEL_SECURITY
+ bool "Enable different security models"
+
+config KERNEL_SECURITY_NETWORK
+ bool "Socket and Networking Security Hooks"
+ select KERNEL_SECURITY
+
+config KERNEL_SECURITY_SELINUX
+ bool "NSA SELinux Support"
+ select KERNEL_SECURITY_NETWORK
+ select KERNEL_AUDIT
+
+config KERNEL_SECURITY_SELINUX_BOOTPARAM
+ bool "NSA SELinux boot parameter"
+ depends on KERNEL_SECURITY_SELINUX
+ default y
+
+config KERNEL_SECURITY_SELINUX_DISABLE
+ bool "NSA SELinux runtime disable"
+ depends on KERNEL_SECURITY_SELINUX
+
+config KERNEL_SECURITY_SELINUX_DEVELOP
+ bool "NSA SELinux Development Support"
+ depends on KERNEL_SECURITY_SELINUX
+ default y
+
+config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
+ int
+ depends on KERNEL_SECURITY_SELINUX
+ default 9
+
+config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
+ int
+ depends on KERNEL_SECURITY_SELINUX
+ default 256
+
+config KERNEL_LSM
+ string
+ default "lockdown,yama,loadpin,safesetid,integrity,selinux"
+ depends on KERNEL_SECURITY_SELINUX
+
+config KERNEL_EXT4_FS_SECURITY
+ bool "Ext4 Security Labels"
+
+config KERNEL_F2FS_FS_SECURITY
+ bool "F2FS Security Labels"
+
+config KERNEL_UBIFS_FS_SECURITY
+ bool "UBIFS Security Labels"
+
+config KERNEL_JFFS2_FS_SECURITY
+ bool "JFFS2 Security Labels"
+
+config KERNEL_WERROR
+ bool "Compile the kernel with warnings as errors"
+ help
+ A kernel build should not cause any compiler warnings, and this
+ enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags
+ to enforce that rule by default. Certain warnings from other tools
+ such as the linker may be upgraded to errors with this option as
+ well.
+
+ However, if you have a new (or very old) compiler or linker with odd
+ and unusual warnings, or you have some architecture with problems,
+ you may need to disable this config option in order to
+ successfully build the kernel.
projects / openwrt / openwrt.git / blobdiff