-
Notifications
You must be signed in to change notification settings - Fork 9
/
base.config
118 lines (92 loc) · 3.15 KB
/
base.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
## Base configuration file for Gentoo dist-kernels
## Contains common configuration for all systems
CONFIG_DEFAULT_HOSTNAME="gentoo"
## we provide x32 support
CONFIG_X86_X32=y
## (for 5.18+)
CONFIG_X86_X32_ABI=y
## disable signatures
# CONFIG_MODULE_SIG is not set
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
# CONFIG_KEXEC_SIG is not set
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
# CONFIG_INTEGRITY_SIGNATURE is not set
## remove massive array of LSMs
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="yama"
## these tests are really not necessary
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
## probably not needed by anybody but developers
# CONFIG_CRYPTO_STATS is not set
## 1000hz is excessive for laptops
CONFIG_HZ_300=y
# CONFIG_HZ_1000 is not set
## nobody is using this kernel on insane super computers
CONFIG_NR_CPUS_RANGE_BEGIN=2
CONFIG_NR_CPUS_RANGE_END=512
CONFIG_NR_CPUS_DEFAULT=64
CONFIG_NR_CPUS=512
## we're not actually producing live patches for folks
# CONFIG_LIVEPATCH is not set
## this slows down networking in general
# CONFIG_IP_FIB_TRIE_STATS is not set
## include font for normal and hidpi screens
CONFIG_FONTS=y
CONFIG_FONT_8x16=y
CONFIG_FONT_TER16x32=y
## we don't need to actually install system headers from this ebuild
# CONFIG_HEADERS_INSTALL is not set
## enable /proc/config.gz, used by linux-info.eclass
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
## This breaks cross-compiles unless a cross-compiled libelf is available
## https://bugs.gentoo.org/770430
# CONFIG_BPF_PRELOAD_UMD is not set
## Use gzip compression for better compatibility
## https://bugs.gentoo.org/784599
CONFIG_KERNEL_GZIP=y
## Fix the path for Gentoo.
CONFIG_MODPROBE_PATH="/sbin/modprobe"
## Enable apparmor. Fedora only provides SELinux support.
## https://bugs.gentoo.org/834918
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
## enable wireguard (needed for 5.4 LTS)
CONFIG_WIREGUARD=m
## disable simplefb to fix issues with nvidia-drivers
## https://bugs.gentoo.org/840439
# CONFIG_DRM_SIMPLEDRM is not set
# CONFIG_SYSFB_SIMPLEFB is not set
## required for capturing memory error events for app-admin/rasdaemon
CONFIG_ACPI_EXTLOG=m
## undo Fedora disabling framebuffer drivers in 6.1.x configs
CONFIG_FB_EFI=y
CONFIG_FB_VESA=y
## Disable VirtualBox Guest Additions modules
## https://bugs.gentoo.org/891313
# CONFIG_DRM_VBOXVIDEO is not set
# CONFIG_VBOXGUEST is not set
# CONFIG_VBOXSF_FS is not set
## Disable zboot, we don't support it right now and cheap hacks don't seem
## to help
## https://bugs.gentoo.org/897684
CONFIG_EFI_ZBOOT=n
## Enable XFS by default on all kernels
## https://bugs.gentoo.org/915871
CONFIG_XFS_FS=y
CONFIG_XFS_SUPPORT_V4=y
CONFIG_XFS_QUOTA=y
CONFIG_XFS_POSIX_ACL=y
## Enable firmware flashing modules
## https://bugs.gentoo.org/917667
CONFIG_SPI_MEM=y
CONFIG_SPI_INTEL=m
CONFIG_SPI_INTEL_PCI=m
CONFIG_SPI_INTEL_PLATFORM=m
## Disable insecure module required by rather uncommon hardware, as suggested
## by greg k-h in https://www.openwall.com/lists/oss-security/2024/04/17/1
CONFIG_N_GSM=n