diff options
Diffstat (limited to 'init/Kconfig')
-rw-r--r-- | init/Kconfig | 277 |
1 files changed, 126 insertions, 151 deletions
diff --git a/init/Kconfig b/init/Kconfig index 235c7a2c0d20..22320804fbaf 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -285,7 +285,7 @@ config FHANDLE config USELIB bool "uselib syscall" - default y + def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION help This option enables the uselib syscall, a system call used in the dynamic linker from libc5 and earlier. glibc does not use this @@ -299,20 +299,15 @@ config AUDIT help Enable auditing infrastructure that can be used with another kernel subsystem, such as SELinux (which requires this for - logging of avc messages output). Does not do system-call - auditing without CONFIG_AUDITSYSCALL. + logging of avc messages output). System call auditing is included + on architectures which support it. config HAVE_ARCH_AUDITSYSCALL bool config AUDITSYSCALL - bool "Enable system-call auditing support" + def_bool y depends on AUDIT && HAVE_ARCH_AUDITSYSCALL - default y if SECURITY_SELINUX - help - Enable low-overhead system-call auditing infrastructure that - can be used independently or with another kernel subsystem, - such as SELinux. config AUDIT_WATCH def_bool y @@ -940,95 +935,24 @@ menuconfig CGROUPS if CGROUPS -config CGROUP_DEBUG - bool "Example debug cgroup subsystem" - default n - help - This option enables a simple cgroup subsystem that - exports useful debugging information about the cgroups - framework. - - Say N if unsure. - -config CGROUP_FREEZER - bool "Freezer cgroup subsystem" - help - Provides a way to freeze and unfreeze all tasks in a - cgroup. - -config CGROUP_PIDS - bool "PIDs cgroup subsystem" - help - Provides enforcement of process number limits in the scope of a - cgroup. Any attempt to fork more processes than is allowed in the - cgroup will fail. PIDs are fundamentally a global resource because it - is fairly trivial to reach PID exhaustion before you reach even a - conservative kmemcg limit. As a result, it is possible to grind a - system to halt without being limited by other cgroup policies. The - PIDs cgroup subsystem is designed to stop this from happening. - - It should be noted that organisational operations (such as attaching - to a cgroup hierarchy will *not* be blocked by the PIDs subsystem), - since the PIDs limit only affects a process's ability to fork, not to - attach to a cgroup. - -config CGROUP_DEVICE - bool "Device controller for cgroups" - help - Provides a cgroup implementing whitelists for devices which - a process in the cgroup can mknod or open. - -config CPUSETS - bool "Cpuset support" - help - This option will let you create and manage CPUSETs which - allow dynamically partitioning a system into sets of CPUs and - Memory Nodes and assigning tasks to run only within those sets. - This is primarily useful on large SMP or NUMA systems. - - Say N if unsure. - -config PROC_PID_CPUSET - bool "Include legacy /proc/<pid>/cpuset file" - depends on CPUSETS - default y - -config CGROUP_CPUACCT - bool "Simple CPU accounting cgroup subsystem" - help - Provides a simple Resource Controller for monitoring the - total CPU consumed by the tasks in a cgroup. - config PAGE_COUNTER bool config MEMCG - bool "Memory Resource Controller for Control Groups" + bool "Memory controller" select PAGE_COUNTER select EVENTFD help - Provides a memory resource controller that manages both anonymous - memory and page cache. (See Documentation/cgroups/memory.txt) + Provides control over the memory footprint of tasks in a cgroup. config MEMCG_SWAP - bool "Memory Resource Controller Swap Extension" + bool "Swap controller" depends on MEMCG && SWAP help - Add swap management feature to memory resource controller. When you - enable this, you can limit mem+swap usage per cgroup. In other words, - when you disable this, memory resource controller has no cares to - usage of swap...a process can exhaust all of the swap. This extension - is useful when you want to avoid exhaustion swap but this itself - adds more overheads and consumes memory for remembering information. - Especially if you use 32bit system or small memory system, please - be careful about enabling this. When memory resource controller - is disabled by boot option, this will be automatically disabled and - there will be no overhead from this. Even when you set this config=y, - if boot option "swapaccount=0" is set, swap will not be accounted. - Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page - size is 4096bytes, 512k per 1Gbytes of swap. + Provides control over the swap space consumed by tasks in a cgroup. + config MEMCG_SWAP_ENABLED - bool "Memory Resource Controller Swap Extension enabled by default" + bool "Swap controller enabled by default" depends on MEMCG_SWAP default y help @@ -1040,46 +964,44 @@ config MEMCG_SWAP_ENABLED For those who want to have the feature enabled by default should select this option (if, for some reason, they need to disable it then swapaccount=0 does the trick). -config MEMCG_KMEM - bool "Memory Resource Controller Kernel Memory accounting" - depends on MEMCG - depends on SLUB || SLAB - help - The Kernel Memory extension for Memory Resource Controller can limit - the amount of memory used by kernel objects in the system. Those are - fundamentally different from the entities handled by the standard - Memory Controller, which are page-based, and can be swapped. Users of - the kmem extension can use it to guarantee that no group of processes - will ever exhaust kernel resources alone. -config CGROUP_HUGETLB - bool "HugeTLB Resource Controller for Control Groups" - depends on HUGETLB_PAGE - select PAGE_COUNTER +config BLK_CGROUP + bool "IO controller" + depends on BLOCK default n - help - Provides a cgroup Resource Controller for HugeTLB pages. - When you enable this, you can put a per cgroup limit on HugeTLB usage. - The limit is enforced during page fault. Since HugeTLB doesn't - support page reclaim, enforcing the limit at page fault time implies - that, the application will get SIGBUS signal if it tries to access - HugeTLB pages beyond its limit. This requires the application to know - beforehand how much HugeTLB pages it would require for its use. The - control group is tracked in the third page lru pointer. This means - that we cannot use the controller with huge page less than 3 pages. + ---help--- + Generic block IO controller cgroup interface. This is the common + cgroup interface which should be used by various IO controlling + policies. -config CGROUP_PERF - bool "Enable perf_event per-cpu per-container group (cgroup) monitoring" - depends on PERF_EVENTS && CGROUPS - help - This option extends the per-cpu mode to restrict monitoring to - threads which belong to the cgroup specified and run on the - designated cpu. + Currently, CFQ IO scheduler uses it to recognize task groups and + control disk bandwidth allocation (proportional time slice allocation) + to such task groups. It is also used by bio throttling logic in + block layer to implement upper limit in IO rates on a device. - Say N if unsure. + This option only enables generic Block IO controller infrastructure. + One needs to also enable actual IO controlling logic/policy. For + enabling proportional weight division of disk bandwidth in CFQ, set + CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set + CONFIG_BLK_DEV_THROTTLING=y. + + See Documentation/cgroups/blkio-controller.txt for more information. + +config DEBUG_BLK_CGROUP + bool "IO controller debugging" + depends on BLK_CGROUP + default n + ---help--- + Enable some debugging help. Currently it exports additional stat + files in a cgroup which can be useful for debugging. + +config CGROUP_WRITEBACK + bool + depends on MEMCG && BLK_CGROUP + default y menuconfig CGROUP_SCHED - bool "Group CPU scheduler" + bool "CPU controller" default n help This feature lets CPU scheduler recognize task groups and control CPU @@ -1116,41 +1038,95 @@ config RT_GROUP_SCHED endif #CGROUP_SCHED -config BLK_CGROUP - bool "Block IO controller" - depends on BLOCK - default n - ---help--- - Generic block IO controller cgroup interface. This is the common - cgroup interface which should be used by various IO controlling - policies. +config CGROUP_PIDS + bool "PIDs controller" + help + Provides enforcement of process number limits in the scope of a + cgroup. Any attempt to fork more processes than is allowed in the + cgroup will fail. PIDs are fundamentally a global resource because it + is fairly trivial to reach PID exhaustion before you reach even a + conservative kmemcg limit. As a result, it is possible to grind a + system to halt without being limited by other cgroup policies. The + PIDs cgroup subsystem is designed to stop this from happening. - Currently, CFQ IO scheduler uses it to recognize task groups and - control disk bandwidth allocation (proportional time slice allocation) - to such task groups. It is also used by bio throttling logic in - block layer to implement upper limit in IO rates on a device. + It should be noted that organisational operations (such as attaching + to a cgroup hierarchy will *not* be blocked by the PIDs subsystem), + since the PIDs limit only affects a process's ability to fork, not to + attach to a cgroup. - This option only enables generic Block IO controller infrastructure. - One needs to also enable actual IO controlling logic/policy. For - enabling proportional weight division of disk bandwidth in CFQ, set - CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set - CONFIG_BLK_DEV_THROTTLING=y. +config CGROUP_FREEZER + bool "Freezer controller" + help + Provides a way to freeze and unfreeze all tasks in a + cgroup. - See Documentation/cgroups/blkio-controller.txt for more information. + This option affects the ORIGINAL cgroup interface. The cgroup2 memory + controller includes important in-kernel memory consumers per default. -config DEBUG_BLK_CGROUP - bool "Enable Block IO controller debugging" - depends on BLK_CGROUP + If you're using cgroup2, say N. + +config CGROUP_HUGETLB + bool "HugeTLB controller" + depends on HUGETLB_PAGE + select PAGE_COUNTER default n - ---help--- - Enable some debugging help. Currently it exports additional stat - files in a cgroup which can be useful for debugging. + help + Provides a cgroup controller for HugeTLB pages. + When you enable this, you can put a per cgroup limit on HugeTLB usage. + The limit is enforced during page fault. Since HugeTLB doesn't + support page reclaim, enforcing the limit at page fault time implies + that, the application will get SIGBUS signal if it tries to access + HugeTLB pages beyond its limit. This requires the application to know + beforehand how much HugeTLB pages it would require for its use. The + control group is tracked in the third page lru pointer. This means + that we cannot use the controller with huge page less than 3 pages. -config CGROUP_WRITEBACK - bool - depends on MEMCG && BLK_CGROUP +config CPUSETS + bool "Cpuset controller" + help + This option will let you create and manage CPUSETs which + allow dynamically partitioning a system into sets of CPUs and + Memory Nodes and assigning tasks to run only within those sets. + This is primarily useful on large SMP or NUMA systems. + + Say N if unsure. + +config PROC_PID_CPUSET + bool "Include legacy /proc/<pid>/cpuset file" + depends on CPUSETS default y +config CGROUP_DEVICE + bool "Device controller" + help + Provides a cgroup controller implementing whitelists for + devices which a process in the cgroup can mknod or open. + +config CGROUP_CPUACCT + bool "Simple CPU accounting controller" + help + Provides a simple controller for monitoring the + total CPU consumed by the tasks in a cgroup. + +config CGROUP_PERF + bool "Perf controller" + depends on PERF_EVENTS + help + This option extends the perf per-cpu mode to restrict monitoring + to threads which belong to the cgroup specified and run on the + designated cpu. + + Say N if unsure. + +config CGROUP_DEBUG + bool "Example controller" + default n + help + This option enables a simple controller that exports + debugging information about the cgroups framework. + + Say N. + endif # CGROUPS config CHECKPOINT_RESTORE @@ -1200,10 +1176,9 @@ config USER_NS to provide different user info for different servers. When user namespaces are enabled in the kernel it is - recommended that the MEMCG and MEMCG_KMEM options also be - enabled and that user-space use the memory control groups to - limit the amount of memory a memory unprivileged users can - use. + recommended that the MEMCG option also be enabled and that + user-space use the memory control groups to limit the amount + of memory a memory unprivileged users can use. If unsure, say N. |