1. 11 Aug, 2019 1 commit
  2. 14 Jul, 2019 2 commits
    • A. Wilcox's avatar
      system/easy-kernel*: slight config tweaking · 26986388
      A. Wilcox authored
      * Use Westwood+ as default TCP cc algo, instead of CUBIC.
      
      * Ensure JFS and XFS are =y.
      
      * Allow all users to read dmesg.
      
      * Enable ALi PATA controller on pmmx.
      26986388
    • Luis Ressel's avatar
      system/easy-kernel*: (Partly) sync kernel configs · 7d90fa75
      Luis Ressel authored
      This is an attempt at syncing the kernel configs of our different
      arches. So far, only the 'Networking support/Networking options',
      'Filesystems', 'Security Options' and 'Cryptographic API' sections have
      been handled, since those require much less knowledge about some of the
      more exotic hardware we support than some of the other sections.
      
      Some notable changes:
      
      Network
      * Enable IPsec, miscellaneous tunnels, and the diag interfaces for all
        socket families.
      * Enable policy routing (for wireguard).
      * Make the CUBIC TCP congestion control algorithm the default
        everywhere, provide a few other common choices.
      * Support FQ_CODEL. We may want to support further QoS features.
      * Disable support for PF_KEY sockets, which shouldn't be required by our
        IPsec userland tools.
      * Enable most netfilter features, except for arptables/ebtables/nfacct/
        nfqueue/ipset, whose userland tools we don't provide yet, and a few
        other very specialized options.
      
      Filesystems
      * Build everything except for ext4, iso9660, vfat and squashfs as
        modules.
      * Use the ext4 driver for ext2 filesystems.
      * Disable the kernel automounter, which is currently only enabled on
        ppc32 and aarch64.
      
      Security
      * Only grant root access to dmesg by default; this can be overriden via
        a sysctl.
      * Support Yama; it doesn't do anything unless explicitly enabled by a
        sysctl, and may be useful to some users.
      * Disable AppAarmor, which is currently only enabled on pmmx and x86_64.
      
      Crypto
      * Disable a lot of uncommon ciphers which are unlikely to be used by
        anything.
      * Build all crypto code as modules (where possible); this means users
        with a dm-crypt-encrypted root filesystem now need to provide the
        appropriate kernel modules in their initramfs images on all arches.
      * Disable support for dedicated cryptographic coprocessors; we are not
        in a position to evaluate their security and performance benefits or
        disadvantages.
      
      Other
      * Allow serial consoles to be used as the kernel console on all arches;
        this is important for VMs.
      7d90fa75
  3. 24 Jun, 2019 1 commit
  4. 17 Jun, 2019 1 commit
  5. 02 Jun, 2019 2 commits
  6. 17 Nov, 2018 1 commit
  7. 12 Sep, 2018 1 commit
  8. 16 Aug, 2018 1 commit
  9. 07 Aug, 2018 1 commit
  10. 06 Aug, 2018 1 commit
  11. 25 Jul, 2018 2 commits
  12. 08 Jul, 2018 1 commit
  13. 03 Jul, 2018 2 commits
  14. 24 Apr, 2018 1 commit
  15. 14 Feb, 2018 1 commit
  16. 09 Dec, 2017 1 commit