14,15c14,15 < CONFIG_ARCH_MMAP_RND_BITS_MIN=28 < CONFIG_ARCH_MMAP_RND_BITS_MAX=32 --- > CONFIG_ARCH_MMAP_RND_BITS_MIN=27 > CONFIG_ARCH_MMAP_RND_BITS_MAX=27 56c56 < CONFIG_LOCALVERSION="-161024_12" --- > CONFIG_LOCALVERSION="-161024_09" 146d145 < CONFIG_ARCH_SUPPORTS_INT128=y 284c283 < CONFIG_ARCH_MMAP_RND_BITS=28 --- > CONFIG_ARCH_MMAP_RND_BITS=27 532d530 < # CONFIG_COMPAT_VDSO is not set 3728d3725 < # CONFIG_PROC_KCORE is not set 3955,3958d3951 < # CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set < # CONFIG_DEBUG_LOCK_ALLOC is not set < # CONFIG_PROVE_LOCKING is not set < # CONFIG_LOCK_STAT is not set 3987d3979 < # CONFIG_LATENCYTOP is not set 4092c4084,4086 < CONFIG_TASK_SIZE_MAX_SHIFT=47 --- > CONFIG_PAX_PER_CPU_PGD=y > CONFIG_TASK_SIZE_MAX_SHIFT=42 > CONFIG_PAX_USERCOPY_SLABS=y 4114a4109 > CONFIG_GRKERNSEC_TPE_UNTRUSTED_GID=100 4124,4125c4119,4127 < # CONFIG_PAX is not set < # CONFIG_PAX_NO_ACL_FLAGS is not set --- > CONFIG_PAX=y > > # > # PaX Control > # > # CONFIG_PAX_SOFTMODE is not set > # CONFIG_PAX_PT_PAX_FLAGS is not set > CONFIG_PAX_XATTR_PAX_FLAGS=y > CONFIG_PAX_NO_ACL_FLAGS=y 4127a4130,4141 > > # > # Non-executable pages > # > CONFIG_PAX_NOEXEC=y > CONFIG_PAX_PAGEEXEC=y > CONFIG_PAX_EMUTRAMP=y > CONFIG_PAX_MPROTECT=y > # CONFIG_PAX_MPROTECT_COMPAT is not set > # CONFIG_PAX_ELFRELOCS is not set > CONFIG_PAX_KERNEXEC=y > CONFIG_PAX_KERNEXEC_PLUGIN=y 4129c4143 < # CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS is not set --- > CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y 4132a4147,4154 > # Address Space Layout Randomization > # > CONFIG_PAX_ASLR=y > CONFIG_PAX_RANDKSTACK=y > CONFIG_PAX_RANDUSTACK=y > CONFIG_PAX_RANDMMAP=y > > # 4136,4137c4158,4159 < # CONFIG_PAX_MEMORY_STACKLEAK is not set < # CONFIG_PAX_MEMORY_STRUCTLEAK is not set --- > CONFIG_PAX_MEMORY_STACKLEAK=y > CONFIG_PAX_MEMORY_STRUCTLEAK=y 4139,4141c4161,4166 < # CONFIG_PAX_REFCOUNT is not set < # CONFIG_PAX_USERCOPY is not set < # CONFIG_PAX_SIZE_OVERFLOW is not set --- > CONFIG_PAX_REFCOUNT=y > CONFIG_PAX_CONSTIFY_PLUGIN=y > CONFIG_PAX_USERCOPY=y > # CONFIG_PAX_USERCOPY_DEBUG is not set > CONFIG_PAX_SIZE_OVERFLOW=y > CONFIG_PAX_SIZE_OVERFLOW_EXTRA=y 4143,4144c4168,4169 < # CONFIG_PAX_LATENT_ENTROPY is not set < # CONFIG_PAX_RAP is not set --- > CONFIG_PAX_LATENT_ENTROPY=y > CONFIG_PAX_RAP=y 4151,4158c4176,4186 < # CONFIG_GRKERNSEC_BPF_HARDEN is not set < # CONFIG_GRKERNSEC_PERF_HARDEN is not set < # CONFIG_GRKERNSEC_KSTACKOVERFLOW is not set < # CONFIG_GRKERNSEC_BRUTE is not set < # CONFIG_GRKERNSEC_MODHARDEN is not set < # CONFIG_GRKERNSEC_HIDESYM is not set < # CONFIG_GRKERNSEC_RANDSTRUCT is not set < # CONFIG_GRKERNSEC_KERN_LOCKOUT is not set --- > CONFIG_GRKERNSEC_BPF_HARDEN=y > CONFIG_GRKERNSEC_PERF_HARDEN=y > # CONFIG_GRKERNSEC_RAND_THREADSTACK is not set > CONFIG_GRKERNSEC_PROC_MEMMAP=y > CONFIG_GRKERNSEC_KSTACKOVERFLOW=y > CONFIG_GRKERNSEC_BRUTE=y > CONFIG_GRKERNSEC_MODHARDEN=y > CONFIG_GRKERNSEC_HIDESYM=y > CONFIG_GRKERNSEC_RANDSTRUCT=y > CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE=y > CONFIG_GRKERNSEC_KERN_LOCKOUT=y 4164c4192 < # CONFIG_GRKERNSEC_ACL_HIDEKERN is not set --- > CONFIG_GRKERNSEC_ACL_HIDEKERN=y 4171,4175c4199,4205 < # CONFIG_GRKERNSEC_PROC is not set < # CONFIG_GRKERNSEC_LINK is not set < # CONFIG_GRKERNSEC_SYMLINKOWN is not set < # CONFIG_GRKERNSEC_FIFO is not set < # CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set --- > CONFIG_GRKERNSEC_PROC=y > CONFIG_GRKERNSEC_PROC_USER=y > CONFIG_GRKERNSEC_PROC_ADD=y > CONFIG_GRKERNSEC_LINK=y > CONFIG_GRKERNSEC_SYMLINKOWN=y > CONFIG_GRKERNSEC_FIFO=y > CONFIG_GRKERNSEC_SYSFS_RESTRICT=y 4177,4178c4207,4223 < # CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set < # CONFIG_GRKERNSEC_CHROOT is not set --- > CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y > CONFIG_GRKERNSEC_CHROOT=y > CONFIG_GRKERNSEC_CHROOT_MOUNT=y > CONFIG_GRKERNSEC_CHROOT_DOUBLE=y > CONFIG_GRKERNSEC_CHROOT_PIVOT=y > CONFIG_GRKERNSEC_CHROOT_CHDIR=y > CONFIG_GRKERNSEC_CHROOT_CHMOD=y > CONFIG_GRKERNSEC_CHROOT_FCHDIR=y > CONFIG_GRKERNSEC_CHROOT_MKNOD=y > CONFIG_GRKERNSEC_CHROOT_SHMAT=y > CONFIG_GRKERNSEC_CHROOT_UNIX=y > CONFIG_GRKERNSEC_CHROOT_FINDTASK=y > CONFIG_GRKERNSEC_CHROOT_NICE=y > CONFIG_GRKERNSEC_CHROOT_SYSCTL=y > CONFIG_GRKERNSEC_CHROOT_RENAME=y > CONFIG_GRKERNSEC_CHROOT_CAPS=y > # CONFIG_GRKERNSEC_CHROOT_INITRD is not set 4184,4193c4229,4239 < # CONFIG_GRKERNSEC_EXECLOG is not set < # CONFIG_GRKERNSEC_RESLOG is not set < # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set < # CONFIG_GRKERNSEC_AUDIT_PTRACE is not set < # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set < # CONFIG_GRKERNSEC_AUDIT_MOUNT is not set < # CONFIG_GRKERNSEC_SIGNAL is not set < # CONFIG_GRKERNSEC_FORKFAIL is not set < # CONFIG_GRKERNSEC_TIME is not set < # CONFIG_GRKERNSEC_PROC_IPADDR is not set --- > CONFIG_GRKERNSEC_EXECLOG=y > CONFIG_GRKERNSEC_RESLOG=y > CONFIG_GRKERNSEC_CHROOT_EXECLOG=y > CONFIG_GRKERNSEC_AUDIT_PTRACE=y > CONFIG_GRKERNSEC_AUDIT_CHDIR=y > CONFIG_GRKERNSEC_AUDIT_MOUNT=y > CONFIG_GRKERNSEC_SIGNAL=y > CONFIG_GRKERNSEC_FORKFAIL=y > CONFIG_GRKERNSEC_TIME=y > CONFIG_GRKERNSEC_PROC_IPADDR=y > CONFIG_GRKERNSEC_RWXMAP_LOG=y 4198,4204c4244,4253 < # CONFIG_GRKERNSEC_DMESG is not set < # CONFIG_GRKERNSEC_HARDEN_PTRACE is not set < # CONFIG_GRKERNSEC_PTRACE_READEXEC is not set < # CONFIG_GRKERNSEC_SETXID is not set < # CONFIG_GRKERNSEC_HARDEN_IPC is not set < # CONFIG_GRKERNSEC_HARDEN_TTY is not set < # CONFIG_GRKERNSEC_TPE is not set --- > CONFIG_GRKERNSEC_DMESG=y > CONFIG_GRKERNSEC_HARDEN_PTRACE=y > CONFIG_GRKERNSEC_PTRACE_READEXEC=y > CONFIG_GRKERNSEC_SETXID=y > CONFIG_GRKERNSEC_HARDEN_IPC=y > CONFIG_GRKERNSEC_HARDEN_TTY=y > CONFIG_GRKERNSEC_TPE=y > CONFIG_GRKERNSEC_TPE_ALL=y > # CONFIG_GRKERNSEC_TPE_INVERT is not set > CONFIG_GRKERNSEC_TPE_GID=100 4209,4210c4258,4259 < # CONFIG_GRKERNSEC_BLACKHOLE is not set < # CONFIG_GRKERNSEC_NO_SIMULT_CONNECT is not set --- > CONFIG_GRKERNSEC_BLACKHOLE=y > CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y 4221c4270,4271 < # CONFIG_GRKERNSEC_SYSCTL is not set --- > CONFIG_GRKERNSEC_SYSCTL=y > CONFIG_GRKERNSEC_SYSCTL_ON=y