diff options
Diffstat (limited to 'init/Kconfig')
| -rw-r--r-- | init/Kconfig | 39 |
1 files changed, 16 insertions, 23 deletions
diff --git a/init/Kconfig b/init/Kconfig index 5496f307988e..79383d3aa5dc 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -118,6 +118,7 @@ config HAVE_KERNEL_LZ4 choice prompt "Kernel compression mode" default KERNEL_GZIP + depends on HAVE_KERNEL_GZIP || HAVE_KERNEL_BZIP2 || HAVE_KERNEL_LZMA || HAVE_KERNEL_XZ || HAVE_KERNEL_LZO || HAVE_KERNEL_LZ4 help The linux kernel is a kind of self-extracting executable. Several compression algorithms are available, which differ @@ -136,13 +137,6 @@ choice If in doubt, select 'gzip' -config KERNEL_UNCOMPRESSED - bool "No compression" - help - No compression at all. The kernel is huge but the compression and - decompression times are zero. - This is usually not what you want. - config KERNEL_GZIP bool "Gzip" depends on HAVE_KERNEL_GZIP @@ -307,20 +301,6 @@ config AUDIT_TREE depends on AUDITSYSCALL select FSNOTIFY -config AUDIT_LOGINUID_IMMUTABLE - bool "Make audit loginuid immutable" - depends on AUDIT - help - The config option toggles if a task setting its loginuid requires - CAP_SYS_AUDITCONTROL or if that task should require no special permissions - but should instead only allow setting its loginuid if it was never - previously set. On systems which use systemd or a similar central - process to restart login services this should be set to true. On older - systems in which an admin would typically have to directly stop and - start processes this should be set to false. Setting this to true allows - one to drop potentially dangerous capabilites from the login tasks, - but may not be backwards compatible with older init systems. - source "kernel/irq/Kconfig" source "kernel/time/Kconfig" @@ -851,7 +831,7 @@ config NUMA_BALANCING_DEFAULT_ENABLED default y depends on NUMA_BALANCING help - If set, autonumic NUMA balancing will be enabled if running on a NUMA + If set, automatic NUMA balancing will be enabled if running on a NUMA machine. config NUMA_BALANCING @@ -862,7 +842,7 @@ config NUMA_BALANCING help This option adds support for automatic NUMA aware memory/task placement. The mechanism is quite primitive and is based on migrating memory when - it is references to the node the task is running on. + it has references to the node the task is running on. This system will be inactive on UMA systems. @@ -1675,6 +1655,18 @@ config BASE_SMALL default 0 if BASE_FULL default 1 if !BASE_FULL +config SYSTEM_TRUSTED_KEYRING + bool "Provide system-wide ring of trusted keys" + depends on KEYS + help + Provide a system keyring to which trusted keys can be added. Keys in + the keyring are considered to be trusted. Keys may be added at will + by the kernel from compiled-in data and from hardware key stores, but + userspace may only add extra keys if those keys can be verified by + keys already in the keyring. + + Keys in this keyring are used by module signature checking. + menuconfig MODULES bool "Enable loadable module support" option modules @@ -1748,6 +1740,7 @@ config MODULE_SRCVERSION_ALL config MODULE_SIG bool "Module signature verification" depends on MODULES + select SYSTEM_TRUSTED_KEYRING select KEYS select CRYPTO select ASYMMETRIC_KEY_TYPE |