Kindly support DOTSLASHLINUX on Patreon to keep the website up and running while remaining ads free.
| Part | Section | Link |
|---|---|---|
| 1 | Intro | Click Here |
| 2 | [∗] Gentoo Linux support ---> | Click Here |
| 3 | General setup ---> | Click Here |
| 4 | [∗] Enable loadable module support ---> | Click Here |
| 5 | [∗] Enable the block layer ---> | Click Here |
| 6 | Processor type and features ---> | Click Here |
| 7 | Power management and ACPI options ---> | Click Here |
| 8 | Bus options (PCI etc.) ---> | Click Here |
| 9 | Executable file formats / Emulations ---> | Click Here |
| 10 | [∗] Networking support ---> | Click Here |
| 11 | Device Drivers ---> | Click Here |
| 12 | Firmware Drivers ---> | Click Here |
| 13 | File systems ---> | Click Here |
| 14 | Kernel hacking ---> | Click Here |
| 15 | Security options ---> | Click Here |
| 16 | -∗- Cryptographic API ---> | Click Here |
| 17 | [∗] Virtualization ---> | Click Here |
| 18 | Library routines ---> | Click Here |
Kernel Sources: sys-kernel/gentoo-sources
Kernel Version: 4.14.12
Last Updated on: 06/01/2018
Update Notice: 1- Excluded 'CONFIG_PAGE_TABLE_ISOLATION' in 'Security options --->'
2- Included 'CONFIG_STANDALONE' in 'Device Drivers --->'
3- Included 'CONFIG_PREVENT_FIRMWARE_BUILD' in 'Device Drivers --->'
4- Included 'CONFIG_X86_5LEVEL' in 'Processor type and features --->'
5- Included 'CONFIG_ORC_UNWINDER' in 'Kernel hacking --->'
6- Excluded QEMU-virtualization-related options in favor of VirtualBox
7- Excluded swap-related options
8- Excluded 32-bit support
9- Switched from XFS to EXT4
Priorities: 1- high performance
2- minimal
3- low memory footprint
4- small size
5- power saving
6- security
7- low-latency
Total Options: 2469 (grep -c 'CONFIG_' DOTSLASHLINUX.config)
Included Options: 645 (grep -c '=y' DOTSLASHLINUX.config)
Excluded Options: 1761 (grep -c 'is not set' DOTSLASHLINUX.config)
Final Size (LZ4): 5,644,240 Bytes
Patches Applied: 1- UKSM-4.14 Patch (https://github.com/dolohow/uksm/blob/master/uksm-4.14.patch)
Contributors: Firas Khalil Khana [irc: firas] [email: firasuke@gmail.com]
Side Notes: 1- Options that aren't listed here are excluded [ ].
2- These guides provide users with a solid starting setup to build on.
3- These guides are constantly being updated.
4- If there's something I didn't explain properly or I misexplained
then please do let me know either by kindly leaving a comment below
or by sending me an email on: firasuke@gmail.comThe Linux Kernel Configuration Guide Part 15 - Security options --->
Firas Khalil Khana | 15/09/2017
While security is important, it isn’t a high priority in this series (although we’ve gone through some options related to security).
You know what they say “There isn’t a 100% secure system”. You have to find the right balance between conveniency, usability and security otherwise you can easily render a system unusable if you beefed security up to an insane level.
I’d recommend (at least as a starting point) that you leave all options in this section excluded (or only include those required by other options).
Default security module (Unix Discretionary Access Controls) —>
Help: Select the security module that will be used by default if the
kernel parameter security= is not specified.
(X) Unix Discretionary Access Controls
Symbol: CONFIG_DEFAULT_SECURITY_DAC
Help: There is no help available for this option.
Type: boolean
Choice: built-in (X)
Reason: It's highly recommended that you include this option in your kernel
(that is if it isn't already forcibly included as it's the only
option available on many systems).
Chinese Translation
One of DOTSLASHLINUX followers 杨鑫 (Yang Mame) from China, decided to follow up with the series and provide Chinese translation of the kernel configuration guides on his blog.To read this guide in Chinese click here.
Leave A Comment