Commit Graph

1017 Commits

Author SHA1 Message Date
Jan Alexander Steffens e7d5c4d89c 5.12.11.arch1-1 2021-06-16 22:13:35 +00:00
Jan Alexander Steffens d7bf404c33 FS#71270: Don't enable "bpf" LSM by default
It provides all possible hooks, which makes it harder to properly use
major LSMs. Using security= to enable a major LSM puts it at the end of
the list. Some functions (like security_getprocattr) only use the first
matching hook, thus prefer bpf.
2021-06-16 22:13:34 +00:00
Jan Alexander Steffens 3f21513a71 5.12.10.arch1-1 2021-06-10 17:16:45 +00:00
Jan Alexander Steffens 9fe32edb60 5.12.9.arch1-1 2021-06-03 12:11:43 +00:00
Jan Alexander Steffens b7f14e1a69 5.12.8.arch1-1 2021-05-28 21:05:54 +00:00
Jan Alexander Steffens 99703861e1 FS#69505: Enable MTD_ROM 2021-05-27 19:39:55 +00:00
Jan Alexander Steffens b72d63df03 5.12.7.arch1-1 2021-05-26 22:45:28 +00:00
Jan Alexander Steffens 1da8e74711 5.12.6.arch1-1 2021-05-23 01:36:16 +00:00
Jan Alexander Steffens ea7ccabcad 5.12.5.arch1-1 2021-05-19 11:46:27 +00:00
Jan Alexander Steffens 3c493d93c4 5.12.4.arch2-1 2021-05-18 22:29:32 +00:00
Jan Alexander Steffens 04cd0126a3 5.12.4.arch1-2 2021-05-15 21:38:30 +00:00
Jan Alexander Steffens 2a8704f5e1 Set KFENCE_SAMPLE_INTERVAL to 0
Turns off KFENCE by default, as requested by Levente. There are power
use issues, see
https://lore.kernel.org/linux-mm/20210421105132.3965998-1-elver@google.com/
2021-05-15 21:38:29 +00:00
Jan Alexander Steffens 1646eced3b Enable DEBUG_INFO_DWARF4
Required for BTF to work with GCC 11.
2021-05-15 21:38:27 +00:00
Jan Alexander Steffens acb9384891 5.12.4.arch1-1 2021-05-14 14:20:31 +00:00
Jan Alexander Steffens 24c6f0d688 5.12.3.arch2-1 2021-05-13 20:01:56 +00:00
Jan Alexander Steffens 4b8cbaa097 5.12.3.arch1-2 2021-05-13 00:02:40 +00:00
Jan Alexander Steffens 1214e4e40a 5.12.3.arch1-1 2021-05-12 18:53:54 +00:00
Jan Alexander Steffens cc87e6b052 5.12.2.arch1-1 2021-05-07 16:08:11 +00:00
Jan Alexander Steffens db81b3eea9 FS#70742: Enable MTD_NAND_ECC_* 2021-05-07 16:08:09 +00:00
Jan Alexander Steffens 621ea2d08c 5.12.1.arch1-1 2021-05-02 13:41:41 +00:00
Jan Alexander Steffens 7f6df05917 Turn on KFENCE by default
As requested by Levente.
2021-05-02 13:41:40 +00:00
Jan Alexander Steffens b03b4f7e6f 5.12.arch1-1 2021-04-26 21:33:26 +00:00
Jan Alexander Steffens d71e920034 5.11.16.arch1-1 2021-04-21 20:39:28 +00:00
Jan Alexander Steffens 62782a577d FS#69181: Enable FB_UVESA 2021-04-21 20:39:27 +00:00
Jan Alexander Steffens 0d66f76ec1 FS#68698: Enable HID_SENSOR_CUSTOM_SENSOR 2021-04-21 20:39:26 +00:00
Jan Alexander Steffens 6f3f90e76b FS#69505: Enable MTD_RAM 2021-04-21 20:39:22 +00:00
Jan Alexander Steffens 3f3fcefaf5 5.11.15.arch1-2 2021-04-17 00:56:35 +00:00
Jan Alexander Steffens 85750f85be Revert "Enable LOAD_UEFI_KEYS"
It didn't help secure dkms modules like we thought it would.
2021-04-17 00:56:34 +00:00
Jan Alexander Steffens 4e15a9f945 5.11.15.arch1-1 2021-04-16 12:28:14 +00:00
Jan Alexander Steffens e0674e41ca 5.11.14.arch1-1 2021-04-14 12:48:08 +00:00
Jan Alexander Steffens 0ab80e4b19 5.11.13.arch3-1 2021-04-14 11:11:29 +00:00
Jan Alexander Steffens 47a3ddc4b0 5.11.13.arch2-1 2021-04-12 00:54:06 +00:00
Jan Alexander Steffens 46d00c9794 5.11.13.arch1-1 2021-04-10 21:25:36 +00:00
Jan Alexander Steffens 44305ad48b FS#70375: Disable BT_HS 2021-04-09 18:49:50 +00:00
Jan Alexander Steffens 3272234053 FS#70384: Return atkbd to a module 2021-04-09 14:49:24 +00:00
Jan Alexander Steffens eac563f39e 5.11.12.arch1-1 2021-04-07 22:37:33 +00:00
Jan Alexander Steffens 56380b3e43 FS#70299: Enable IDLE_PAGE_TRACKING 2021-04-05 12:50:09 +00:00
Jan Alexander Steffens e74e4210d3 5.11.11.arch1-1 2021-03-30 14:47:29 +00:00
Jan Alexander Steffens f99611e296 FS#69441: Revert "Disable USB gadget support" 2021-03-30 14:47:28 +00:00
Jan Alexander Steffens 320113849b 5.11.10.arch1-1 2021-03-26 00:56:43 +00:00
Jan Alexander Steffens ca32941726 5.11.9.arch1-1 2021-03-24 19:28:05 +00:00
Jan Alexander Steffens d014a88b5b FS#70140: Enable EFI_VARS_PSTORE_DEFAULT_DISABLE 2021-03-24 19:28:03 +00:00
Jan Alexander Steffens 364d5e5432 5.11.8.arch1-1 2021-03-21 02:30:21 +00:00
Jan Alexander Steffens 1cf3662d97 FS#70064: Set SND_HDA_PREALLOC_SIZE to 0
This is also the default in Fedora.
2021-03-21 02:30:20 +00:00
Jan Alexander Steffens 1c099ca397 5.11.7.arch1-1 2021-03-17 17:35:35 +00:00
Jan Alexander Steffens b4a2e977d4 FS#69992: Enable SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC 2021-03-15 16:28:21 +00:00
Jan Alexander Steffens 7e6eb07df5 FS#69479: Disable BCM63XX drivers 2021-03-14 14:40:19 +00:00
Jan Alexander Steffens fc7f97fc30 FS#33958, FS#35753: Fix tomoyo settings 2021-03-14 14:40:17 +00:00
Jan Alexander Steffens 80415a58a9 5.11.6.arch1-1 2021-03-11 15:05:55 +00:00
Jan Alexander Steffens 44637ec6c7 5.11.5.arch1-1 2021-03-09 20:07:14 +00:00
Jan Alexander Steffens e280f34fb3 5.11.4.arch1-1 2021-03-07 18:34:36 +00:00
Jan Alexander Steffens 62f6c03f2c 5.11.3.arch1-1 2021-03-04 22:24:21 +00:00
Jan Alexander Steffens 1dca396562 5.11.2.arch1-1 2021-02-26 22:42:58 +00:00
Jan Alexander Steffens ec11f3e288 5.11.1.arch1-1 2021-02-23 14:47:16 +00:00
Jan Alexander Steffens ae5ce75f0d 5.11.arch2-1 2021-02-19 00:11:51 +00:00
Jan Alexander Steffens cc8cce72b9 5.11.arch1-1 2021-02-15 23:56:35 +00:00
Jan Alexander Steffens c3046f0b81 5.10.16.arch1-1 2021-02-13 21:20:45 +00:00
Jan Alexander Steffens ce690b2efd 5.10.15.arch1-1 2021-02-10 19:05:11 +00:00
Jan Alexander Steffens 3550611332 5.10.14.arch1-1 2021-02-07 23:17:50 +00:00
Jan Alexander Steffens d159b9a739 5.10.13.arch1-2 2021-02-06 11:45:09 +00:00
Jan Alexander Steffens 71c2279684 FS#69158: Return psmouse to a module 2021-02-04 19:32:19 +00:00
Jan Alexander Steffens 2630980304 5.10.13.arch1-1 2021-02-04 00:25:58 +00:00
Jan Alexander Steffens 7874717d9d FS#69479: Disable Lantiq and Rockchip drivers 2021-02-04 00:25:57 +00:00
Jan Alexander Steffens 861c5dfd04 Update security config
- Build in loadpin, but keep it disabled by default
- Enable bpf by default
2021-02-04 00:25:55 +00:00
Jan Alexander Steffens d04972b60c FS#69212: Reenable multimedia test drivers 2021-01-31 01:33:42 +00:00
Jan Alexander Steffens 9d28b37b79 5.10.12.arch1-1 2021-01-31 01:33:39 +00:00
Jan Alexander Steffens cf0be7beee 5.10.11.arch1-1 2021-01-27 15:42:47 +00:00
Jan Alexander Steffens 66b09ae393 5.10.10.arch1-1 2021-01-24 00:56:16 +00:00
Jan Alexander Steffens 460787f437 5.10.9.arch1-1 2021-01-19 23:33:14 +00:00
Jan Alexander Steffens 732488a858 5.10.8.arch1-1 2021-01-17 23:12:23 +00:00
Jan Alexander Steffens 0007db0e69 5.10.7.arch1-1 2021-01-13 13:01:40 +00:00
Jan Alexander Steffens c19564ecfa 5.10.6.arch1-1 2021-01-09 19:17:04 +00:00
Jan Alexander Steffens 29ab84e2ba 5.10.5.arch1-1 2021-01-07 12:05:32 +00:00
Jan Alexander Steffens 8ffb940e20 5.10.4.arch2-1 2021-01-01 06:17:42 +00:00
Jan Alexander Steffens 87cfb1a823 Reenable MTD_PHRAM
Can be used with syslinux's memdiskfind to mount a filesystem image.
2021-01-01 06:17:41 +00:00
Jan Alexander Steffens 45857ed86c Enable SECURITY_DMESG_RESTRICT
Default on Debian, and seems to be reasonable for us since we also don't
allow access to the system journal by default.
2020-12-31 01:18:17 +00:00
Jan Alexander Steffens b54786ee1f 5.10.4.arch1-1 2020-12-31 01:18:16 +00:00
Jan Alexander Steffens 66ead9f4aa 5.10.3.arch1-1 2020-12-27 12:02:15 +00:00
Jan Alexander Steffens ddeb06b257 Revert two config changes
As requested by Levente.
2020-12-22 01:33:12 +00:00
Jan Alexander Steffens 5ee180e682 5.10.2.arch1-1 2020-12-21 20:50:34 +00:00
Jan Alexander Steffens c6467751e8 Update sums 2020-12-18 23:32:11 +00:00
Jan Alexander Steffens 056e1229cd Disable DCCP (still affected by CVE-2020-16119) 2020-12-18 17:58:35 +00:00
Jan Alexander Steffens 8c2a9a8da9 FS#68978 Enable SoundWire machine driver 2020-12-16 14:37:37 +00:00
Jan Alexander Steffens e32e0ba50d 5.10.1.arch1-1 2020-12-15 21:22:15 +00:00
Jan Alexander Steffens d0179d6259 5.9.14.arch1-1 2020-12-12 22:02:25 +00:00
Jan Alexander Steffens 01bedab48a 5.9.13.arch1-1 2020-12-08 13:13:09 +00:00
Jan Alexander Steffens 7c79d74fff 5.9.12.arch1-1 2020-12-02 17:23:51 +00:00
Jan Alexander Steffens fe6596ab57 5.9.11.arch2-1 2020-11-28 02:51:37 +00:00
Jan Alexander Steffens 0b08d44ef8 5.9.11.arch1-1 2020-11-24 16:27:08 +00:00
Jan Alexander Steffens 85e1041b01 5.9.10.arch1-1 2020-11-22 15:26:46 +00:00
Jan Alexander Steffens 6be6ead80b 5.9.9.arch1-1 2020-11-18 20:51:25 +00:00
Jan Alexander Steffens 706a33e2de 5.9.8.arch1-1 2020-11-10 23:52:19 +00:00
Jan Alexander Steffens 141dd23c01 5.9.7.arch1-1 2020-11-10 15:00:15 +00:00
Jan Alexander Steffens 073b042f87 5.9.6.arch1-1 2020-11-05 21:49:56 +00:00
Jan Alexander Steffens 1bcde0c2d1 5.9.5.arch2-1 2020-11-05 15:05:22 +00:00
Jan Alexander Steffens 87febd662a 5.9.4.arch1-1 2020-11-04 22:42:21 +00:00
Jan Alexander Steffens 34b501df44 5.9.3.arch1-1 2020-11-01 14:53:55 +00:00
Jan Alexander Steffens dea8c573f1 5.9.2.arch1-1 2020-10-29 18:18:58 +00:00
Jan Alexander Steffens a9e6574b98 5.9.1.arch1-1 2020-10-17 14:45:48 +00:00
Jan Alexander Steffens 2c8951be72 5.9.arch1-1 2020-10-12 21:06:00 +00:00
Jan Alexander Steffens dc92454675 5.8.14.arch1-1: FS#68092 Restore HDA prealloc 2020-10-07 23:59:36 +00:00
Jan Alexander Steffens f6fda030c2 5.8.13.arch1-1 2020-10-01 21:59:37 +00:00
Jan Alexander Steffens 4ec9ebe04a 5.8.12.arch1-1 2020-09-26 23:12:41 +00:00
Jan Alexander Steffens 5433c11e0e 5.8.11.arch1-1 2020-09-24 17:38:11 +00:00
Jan Alexander Steffens d39b43e014 5.8.10.arch1-1 2020-09-17 18:56:28 +00:00
Jan Alexander Steffens 1a3aa2b5c6 5.8.9.arch2-1 2020-09-14 01:30:07 +00:00
Jan Alexander Steffens 7722de06ba 5.8.9.arch1-1 2020-09-13 23:34:48 +00:00
Jan Alexander Steffens abbabff91a 5.8.8.arch1-1 2020-09-09 20:07:15 +00:00
Jan Alexander Steffens 556fc02660 5.8.7.arch1-1 2020-09-05 13:22:51 +00:00
Jan Alexander Steffens ea62179998 5.8.6.arch1-1 2020-09-03 18:54:38 +00:00
Jan Alexander Steffens 09a3f454bd 5.8.5.arch1-1 2020-08-27 20:01:26 +00:00
Jan Alexander Steffens b69a10324d 5.8.4.arch1-1 2020-08-26 19:44:43 +00:00
Jan Alexander Steffens 7984c04fb1 5.8.3.arch1-1 2020-08-21 18:03:45 +00:00
Jan Alexander Steffens 0f4a2e284f 5.8.2.arch1-1 2020-08-20 21:40:15 +00:00
Jan Alexander Steffens 15b630a385 5.8.1.arch1-2 2020-08-16 19:01:58 +00:00
Jan Alexander Steffens ebf81a0b24 5.8.1.arch1-1 2020-08-12 19:43:08 +00:00
Jan Alexander Steffens 04d29ded1f 5.8.arch1-2: Enable MEM_SOFT_DIRTY (FS#67509) and USERFAULTFD (FS#62780) 2020-08-09 01:43:59 +00:00
Jan Alexander Steffens 3b798b5973 5.8.arch1-1 2020-08-03 20:08:49 +00:00
Jan Alexander Steffens 6f2434369d 5.7.12.arch1-1 2020-07-31 18:33:21 +00:00
Jan Alexander Steffens ad5bfbb468 5.7.11.arch1-1 2020-07-29 22:37:08 +00:00
Jan Alexander Steffens ab2cd357d4 5.7.10.arch1-1 2020-07-22 20:52:26 +00:00
Jan Alexander Steffens 7aeb19a664 5.7.9.arch1-1 2020-07-16 20:52:28 +00:00
Jan Alexander Steffens d45dd6cdc9 5.7.8.arch1-1 2020-07-09 18:51:38 +00:00
Jan Alexander Steffens fbec51332d 5.7.7.arch1-1 2020-07-01 16:03:39 +00:00
Jan Alexander Steffens 86fcfba038 5.7.6.arch1-1 2020-06-25 01:09:41 +00:00
Jan Alexander Steffens 9ae891e5fc 5.7.5.arch1-1 2020-06-22 09:09:14 +00:00
Jan Alexander Steffens bc168a108d 5.7.4.arch1-1 2020-06-18 16:57:35 +00:00
Jan Alexander Steffens c55f0296cc 5.7.3.arch1-1 2020-06-17 21:58:44 +00:00
Jan Alexander Steffens 9b95df05fa 5.7.2.arch1-1 2020-06-11 00:16:02 +00:00
Jan Alexander Steffens 2db27e8ef8 5.7.1.arch1-1 2020-06-07 13:06:32 +00:00
Jan Alexander Steffens 56cd81178e 5.7.arch1-1 2020-06-02 00:16:56 +00:00
Jan Alexander Steffens 331cab0a7d 5.6.15.arch1-1 2020-05-28 00:29:18 +00:00
Jan Alexander Steffens f87576020f 5.6.14.arch1-1 2020-05-20 22:55:57 +00:00
Jan Alexander Steffens f7d374d6e8 5.6.13.arch1-1 2020-05-14 07:42:59 +00:00
Jan Alexander Steffens bdeb8288ed 5.6.12.arch1-1 2020-05-10 11:30:48 +00:00
Jan Alexander Steffens ad905cb867 5.6.11.arch3-1: more GCC 10 fixes 2020-05-09 19:59:19 +00:00
Jan Alexander Steffens 8b3b703617 5.6.11.arch2-1: GCC 10 2020-05-08 20:35:46 +00:00
Jan Alexander Steffens c7ae8d746e 5.6.11.arch1-1 2020-05-06 19:23:33 +00:00
Jan Alexander Steffens 1773e7347a 5.6.10.arch1-1 2020-05-02 20:43:17 +00:00
Jan Alexander Steffens 3472c2c41f 5.6.9.arch1-1 2020-05-02 13:07:14 +00:00
Jan Alexander Steffens 6f75f24bf0 5.6.8.arch1-1 2020-04-29 17:50:10 +00:00
Jan Alexander Steffens 483474f304 5.6.7.arch1-1 2020-04-23 10:01:48 +00:00
Jan Alexander Steffens 027c7d74cd 5.6.6.arch1-1 2020-04-21 11:48:37 +00:00
Jan Alexander Steffens 08678233d5 5.6.5.arch3-1 2020-04-19 14:19:56 +00:00
Jan Alexander Steffens db2f694f61 5.6.5.arch2-1 2020-04-18 23:13:32 +00:00
Jan Alexander Steffens abda2df350 5.6.5.arch1-1 2020-04-17 21:46:53 +00:00
Jan Alexander Steffens a230db8755 5.6.4.arch1-1 2020-04-13 13:19:35 +00:00
Jan Alexander Steffens 135210db75 5.6.3.arch1-1 2020-04-08 08:45:18 +00:00
Jan Alexander Steffens f4bf2c8d61 Put lockdown LSM into default initialization list 2020-04-06 22:36:28 +00:00
Jan Alexander Steffens d917c0fbc9 5.6.2.arch1-2: FS#66076 disable EFI_DISABLE_PCI_DMA 2020-04-05 05:38:14 +00:00