Part | Section | Link |
---|---|---|
1 | Intro | Click Here |
2 | [∗] Gentoo Linux support ---> | Click Here |
3 | General setup ---> | Click Here |
4 | [∗] Enable loadable module support ---> | Click Here |
5 | [∗] Enable the block layer ---> | Click Here |
6 | Processor type and features ---> | Click Here |
7 | Power management and ACPI options ---> | Click Here |
8 | Bus options (PCI etc.) ---> | Click Here |
9 | Executable file formats / Emulations ---> | Click Here |
10 | [∗] Networking support ---> | Click Here |
11 | Device Drivers ---> | Click Here |
12 | Firmware Drivers ---> | Click Here |
13 | File systems ---> | Click Here |
14 | Kernel hacking ---> | Click Here |
15 | Security options ---> | Click Here |
16 | -∗- Cryptographic API ---> | Click Here |
17 | [∗] Virtualization ---> | Click Here |
18 | Library routines ---> | Click Here |
Kernel Sources: sys-kernel/gentoo-sources
Kernel Version: 4.14.12
Last Updated on: 06/01/2018
Update Notice: 1- Excluded 'CONFIG_PAGE_TABLE_ISOLATION' in 'Security options --->'
2- Included 'CONFIG_STANDALONE' in 'Device Drivers --->'
3- Included 'CONFIG_PREVENT_FIRMWARE_BUILD' in 'Device Drivers --->'
4- Included 'CONFIG_X86_5LEVEL' in 'Processor type and features --->'
5- Included 'CONFIG_ORC_UNWINDER' in 'Kernel hacking --->'
6- Excluded QEMU-virtualization-related options in favor of VirtualBox
7- Excluded swap-related options
8- Excluded 32-bit support
9- Switched from XFS to EXT4
Priorities: 1- high performance
2- minimal
3- low memory footprint
4- small size
5- power saving
6- security
7- low-latency
Total Options: 2469 (grep -c 'CONFIG_' DOTSLASHLINUX.config)
Included Options: 645 (grep -c '=y' DOTSLASHLINUX.config)
Excluded Options: 1761 (grep -c 'is not set' DOTSLASHLINUX.config)
Final Size (LZ4): 5,644,240 Bytes
Patches Applied: 1- UKSM-4.14 Patch (https://github.com/dolohow/uksm/blob/master/uksm-4.14.patch)
Contributors: Firas Khalil Khana [irc: firas] [email: firasuke@gmail.com]
Side Notes: 1- Options that aren't listed here are excluded [ ].
2- These guides provide users with a solid starting setup to build on.
3- These guides are constantly being updated.
4- If there's something I didn't explain properly or I misexplained
then please do let me know either by kindly leaving a comment below
or by sending me an email on: firasuke@gmail.com
Before starting with the General setup section, there’s this important option just before it:
Symbol: CONFIG_64BIT
Help: Say yes to build a 64-bit kernel - formerly known as x86_64
Say no to build a 32-bit kernel - formerly known as i386
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option if you plan to
use the custom built kernel on a 64-bit system.
Symbol: CONFIG_CROSS_COMPILE
Help: Same as running 'make CROSS_COMPILE=prefix-' but stored for
default make runs in this kernel build directory. You don't
need to set this unless you want the configured kernel build
directory to select the cross-compiler automatically.
Type: string
Choice: excluded ()
Reason: You can safely exclude this option if you're not building this kernel
for another machine (an ARM device perhaps).
Symbol: CONFIG_COMPILE_TEST
Help: Some drivers can be compiled on a different platform than they are
intended to be run on. Despite they cannot be loaded there (or even
when they load they cannot be used due to missing HW support),
developers still, opposing to distributors, might want to build such
drivers to compile-test them.
If you are a developer and want to build everything available, say Y
here. If you are a user/distributor, say N here to exclude useless
drivers to be distributed.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you don't plan to build drivers
for different architectures, as it's intended for development purposes.
Symbol: CONFIG_LOCALVERSION
Help: Append an extra string to the end of your kernel version.
This will show up when you type uname, for example.
The string you set here will be appended after the contents of
any files with a filename matching localversion* in your
object and source tree, in that order. Your total string can
be a maximum of 64 characters.
Type: string
Choice: excluded ()
Reason: You can safely leave the value of this option empty as it's only needed
for those who build custom kernels and don't want to lose track of their
kernels by appending extra strings to the end of the kernel's version.
Symbol: CONFIG_LOCALVERSION_AUTO
Help: This will try to automatically determine if the current tree is a
release tree by looking for git tags that belong to the current
top of tree revision.
A string of the format -gxxxxxxxx will be added to the localversion
if a git-based tree is found. The string generated by this will be
appended after any matching localversion* files, and after the value
set in CONFIG_LOCALVERSION.
(The actual string used here is the first eight characters produced
by running the command:
$ git rev-parse --verify HEAD
which is done within the script "scripts/setlocalversion".)
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as CONFIG_LOCALVERSION should be
sufficient for those who don't want to lose track of their custom
built kernels.
Symbol: CONFIG_KERNEL_LZ4
Help: LZ4 is an LZ77-type compressor with a fixed, byte-oriented encoding.
A preliminary version of LZ4 de/compression tool is available at
<https://code.google.com/p/lz4>.
Its compression ratio is worse than LZO. The size of the kernel
is about 8% bigger than LZO. But the decompression speed is
faster than LZO.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your
kernel as LZ4 provides the fastest decompression speed out of
all compression methods and decompression speed is what matters
when measuring boot times.
Include this option if you're on a slow storage system (a 5400rpm
HDD for example).
If you're using an extremely fast storage system then you may try
CONFIG_KERNEL_XZ as it provides the smallest kernel size out of all
compression methods and it may (although rarely) speed up boot time
compared to LZ4 by an extremely small amount of time (less than 100ms).
Furthermore, in some cases using an uncompressed kernel slowed boot time down
by 300-500ms. Again, if your storage is extremely fast then I suggest you use
an uncompressed kernel (you can find several patches online for building an
uncompressed kernel and I'll be talking about applying patches to the Linux kernel
really soon).
Exclude every other compression method and make sure that you have the
proper tools for compression to prevent errors from popping up.
Symbol: CONFIG_DEFAULT_HOSTNAME
Help: This option determines the default system hostname before userspace
calls sethostname(2). The kernel traditionally uses "(none)" here,
but you may wish to use a different default here to make a minimal
system more usable with less configuration.
Type: string
Choice: DOTSLASHLINUX
Reason: It's recommended that you set your system's default hostname here (rather
than relying on the hostname boot service) if you're building this kernel for your
current system.
As they say, the fewer services you have at boot time, the faster your
system boots.
Symbol: CONFIG_SWAP
Help: This option allows you to choose whether you want to have support
for so called swap devices or swap files in your kernel that are
used to provide more virtual memory than the actual RAM present
in your computer. If unsure say Y.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your kernel
as swap is a must have feature on all systems.
My system has 7.7 GiB of ram and idles at ~60MiB of ram on dwm so
basically why use swap? It was until recently that I was forced to
add swap space after running swapless builds for 2 years now.
I had 9 jobs running, and was trying to build chromium from source,
while browsing the web on my seamonkey web browser. Suddenly my system
lagged horribly (I had my customization set to maximum throughput) and
chromium stopped at about 60% saying it ran out of memory (virtual memory).
So yeah I had to reinstall gentoo to get my swap space up and running.
After I learned my lesson the hard way, I'm now convinced that all systems
need a swap partition.
I went with 15.4 GiB of swap space since I tend to open lots of apps when
compiling.
Symbol: CONFIG_SYSVIPC
Help: Inter Process Communication is a suite of library functions and
system calls which let processes (running programs) synchronize and
exchange information. It is generally considered to be a good thing,
and some programs won't run unless you say Y here. In particular, if
you want to run the DOS emulator dosemu under Linux (read the
DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>),
you'll need to say Y here
You can find documentation about IPC with "info ipc" and also in
section 6.4 of the Linux Programmer's Guide, available from
<http://www.tldp.org/guides.html>.
Type: boolean
Choice: built-in -∗-
Reason: It's highly recommended that you include this option in your kernel
(that is if it isn't already forcibly included by CONFIG_GENTOO_LINUX
and CONFIG_GENTOO_LINUX_PORTAGE).
Symbol: CONFIG_POSIX_MQUEUE
Help: POSIX variant of message queues is a part of IPC. In POSIX message
queues every message has a priority which decides about succession
of receiving it by a process. If you want to compile and run
programs written e.g. for Solaris with use of its POSIX message
queues (functions mq_*) say Y here.
POSIX message queues are visible as a filesystem called 'mqueue'
and can be mounted somewhere if you want to do filesystem
operations on message queues
If unsure, say Y.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you won't be compiling and
running programs written for Solaris that make use of its POSIX
queues.
Symbol: CONFIG_CROSS_MEMORY_ATTACH
Help: Enabling this option adds the system calls process_vm_readv and
process_vm_writev which allow a process with the correct privileges
to directly read from or write to another process' address space.
See the man page for more details.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're sure that no application
uses these system calls.
Symbol: CONFIG_FHANDLE
Help: If you say Y here, a user level program will be able to map
file names to handle and then later use the handle for
different file system operations. This is useful in implementing
userspace file servers, which now track files using handles instead
of names. The handle would remain the same even if file names
get renamed. Enables open_by_handle_at(2) and name_to_handle_at(2)
syscalls.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your kernel
(that is if it isn't already forcibly included by CONFIG_GENTOO_LINUX,
CONFIG_GENTOO_LINUX_UDEV and CONFIG_GENTOO_LINUX_INIT_SYSTEMD).
It's one of those options that causes headaches when excluded, as you'll
probably overlook it when trying to determine the real cause behind your
boot failure.
Symbol: CONFIG_USELIB
Help: This option enables the uselib syscall, a system call used in the
dynamic linker from libc5 and earlier. glibc does not use this
system call. If you intend to run programs built on libc5 or
earlier, you may need to enable this syscall. Current systems
running glibc can safely disable this.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're on a modern system running
a modern version of glibc.
Symbol: CONFIG_AUDIT
Help: Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for
logging of avc messages output). System call auditing is included
on architectures which support it.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you don't plan to use SELinux
and/or other security measures.
Symbol: CONFIG_IRQ_DOMAIN_DEBUG
Help: This option will show the mapping relationship between hardware irq
numbers and Linux irq numbers. The mapping is exposed via debugfs
in the file "irq_domain_mapping".
If you don't know what this means you don't need it.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it's intended for debugging
purposes.
Symbol: CONFIG_GENERIC_IRQ_DEBUGFS
Help: Exposes internal state information through debugfs. Mostly for
developers and debugging of hard to diagnose interrupt problems.
If you don't know what to do here, say N.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it's intended for developing
and debugging purposes.
Symbol: CONFIG_HZ_PERIODIC
Help: This option keeps the tick running periodically at a constant
rate, even when the CPU doesn't need it.
Type: boolean
Choice: built-in (X)
Reason: It's highly recommended that you include this option in your kernel
as it adds a slight performance boost while lowering latency.
Exclude this option if power saving is one of your concerns.
Symbol: CONFIG_NO_HZ
Help: This is the old config entry that enables dynticks idle.
We keep it around for a little while to enforce backward
compatibility with older config files.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you've already included
CONFIG_HZ_PERIODIC.
Symbol: CONFIG_HIGH_RES_TIMERS
Help: This option enables high resolution timer support. If your
hardware is not capable then this option only increases
the size of the kernel image.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're sure that no
application requires it.
Include this option if power saving is one of your concerns.
Symbol: CONFIG_TICK_CPU_ACCOUNTING
Help: This is the basic tick based cputime accounting that maintains
statistics about user, system and idle time spent on per jiffies
granularity.
If unsure, say Y.
Type: boolean
Choice: built-in [∗]
Reason: It's recommended that you include this option as
CONFIG_VIRT_CPU_ACCOUNTING_GEN is only useful at the moment
for those who are working on the full dynticks subsystem development.
Symbol: CONFIG_IRQ_TIME_ACCOUNTING
Help: Select this option to enable fine granularity task irq time
accounting. This is done by reading a timestamp on each
transitions between softirq and hardirq state, so there can be a
small performance impact.
If in doubt, say N here.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it impacts performance.
Symbol: CONFIG_BSD_PROCESS_ACCT
Help: If you say Y here, a user level program will be able to instruct the
kernel (via a special system call) to write process accounting
information to a file: whenever a process exits, information about
that process will be appended to the file by the kernel. The
information includes things such as creation time, owning user,
command name, memory usage, controlling terminal etc. (the complete
list is in the struct acct in <file:include/linux/acct.h>). It is
up to the user level program to do useful things with this
information. This is generally a good idea, so say Y.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option to lower system overhead.
sys-process/htop might complain, but it's totally harmless.
Symbol: CONFIG_TASKSTATS
Help: Export selected statistics for tasks/processes through the
generic netlink interface. Unlike BSD process accounting, the
statistics are available during the lifetime of tasks/processes as
responses to commands. Like BSD accounting, they are sent to user
space on task exit.
Say N if unsure.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option to lower system overhead.
sys-process/htop might complain, but it's totally harmless.
Symbol: CONFIG_RCU_EXPERT
Help: This option needs to be enabled if you wish to make
expert-level adjustments to RCU configuration. By default,
no such adjustments can be made, which has the often-beneficial
side-effect of preventing "make oldconfig" from asking you all
sorts of detailed questions about how you would like numerous
obscure RCU options to be set up.
Say Y if you need to make expert-level adjustments to RCU.
Say N if you are unsure.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it's mostly for testing
purposes (especially for larger systems).
Some of the sub options that show up when including this option
may help lower latency at the cost of slight system overhead.
Symbol: CONFIG_IKCONFIG
Help: This option enables the complete Linux kernel ".config" file
contents to be saved in the kernel. It provides documentation
of which kernel options are used in a running kernel or in an
on-disk kernel. This information can be extracted from the kernel
image file with the script scripts/extract-ikconfig and used as
input to rebuild the current kernel or to build another kernel.
It can also be extracted from a running kernel by reading
/proc/config.gz if enabled (below).
Type: tristate
Choice: excluded < >
Reason: You can safely exclude this option if you already know what options
you've enabled in your kernel.
Instead of including this option, you can back up your kernel's .config
file and check that file for a certain option whenever needed.
Symbol: CONFIG_LOG_BUF_SHIFT
Help: Select the minimal kernel log buffer size as a power of 2.
The final size is affected by LOG_CPU_MAX_BUF_SHIFT config
parameter, see below. Any higher size also might be forced
by "log_buf_len" boot parameter.
Examples:
17 => 128 KB
16 => 64 KB
15 => 32 KB
14 => 16 KB
13 => 8 KB
12 => 4 KB
Type: integer
Choice: (14) custom
Reason: You can safely set the value of this option to (14).
The value (14) is the lowest possible (while staying convenient)
value that provides a good balance between keeping your kernel
ring buffer from being constantly overwritten and keeping your
kernel's size to a minimum.
If the output of dmesg is still being truncated (which is highly
unlikely) then consider increasing the value of this option.
Symbol: CONFIG_LOG_CPU_MAX_BUF_SHIFT
Help: This option allows to increase the default ring buffer size
according to the number of CPUs. The value defines the contribution
of each CPU as a power of 2. The used space is typically only few
lines however it might be much more when problems are reported,
e.g. backtraces.
The increased size means that a new buffer has to be allocated and
the original static one is unused. It makes sense only on systems
with more CPUs. Therefore this value is used only when the sum of
contributions is greater than the half of the default kernel ring
buffer as defined by LOG_BUF_SHIFT. The default values are set
so that more than 64 CPUs are needed to trigger the allocation.
Also this option is ignored when "log_buf_len" kernel parameter is
used as it forces an exact (power of two) size of the ring buffer.
The number of possible CPUs is used for this computation ignoring
hotplugging making the computation optimal for the worst case
scenario while allowing a simple algorithm to be used from bootup.
Examples shift values and their meaning:
17 => 128 KB for each CPU
16 => 64 KB for each CPU
15 => 32 KB for each CPU
14 => 16 KB for each CPU
13 => 8 KB for each CPU
12 => 4 KB for each CPU
Type: integer
Choice: (14) custom
Reason: You can safely set the value of this option to (14).
The value (14) is the lowest possible (while staying convenient)
value that provides a good balance between keeping your kernel
ring buffer from being constantly overwritten and keeping your
kernel's size to a minimum.
If the output of dmesg is still being truncated (which is highly
unlikely) then consider increasing the value of this option.
Symbol: CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT
Help: Select the size of an alternate printk per-CPU buffer where messages
printed from unsafe contexts are temporarily stored. One example would
be NMI messages, another one - printk recursion. The messages are
copied to the main log buffer in a safe context to avoid a deadlock.
The value defines the size as a power of 2.
Those messages are rare and limited. The largest one is when
a backtrace is printed. It usually fits into 4KB. Select
8KB if you want to be on the safe side.
Examples:
17 => 128 KB for each CPU
16 => 64 KB for each CPU
15 => 32 KB for each CPU
14 => 16 KB for each CPU
13 => 8 KB for each CPU
12 => 4 KB for each CPU
Type: integer
Choice: (12) custom
Reason: You can safely set the value of this option to (12).
The value (12) is the lowest possible (while staying convenient)
value that provides a good balance between keeping your kernel
ring buffer from being constantly overwritten and keeping your
kernel's size to a minimum.
If the output of dmesg is still being truncated (which is highly
unlikely) then consider increasing the value of this option.
Symbol: CONFIG_CGROUPS
Help: This option adds support for grouping sets of processes together, for
use with process control subsystems such as Cpusets, CFS, memory
controls or device isolation.
See
- Documentation/scheduler/sched-design-CFS.txt (CFS)
- Documentation/cgroup-v1/ (features for grouping, isolation
and resource control)
Say N if unsure.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're not using Gentoo Linux
as CGROUPS are considered 'evil' by many users.
If you're on Gentoo Linux, you'll have to first exclude
CONFIG_GENTOO_LINUX_PORTAGE.
Include this option only if your system is reporting a missing
/sys/fs/cgroup directory.
Symbol: CONFIG_CHECKPOINT_RESTORE
Help: Enables additional kernel features in a sake of checkpoint/restore.
In particular it adds auxiliary prctl codes to setup process text,
data and heap segment sizes, and a few additional /proc filesystem
entries.
If unsure, say N here.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you don't plan on using suspend
and hibernate.
Symbol: CONFIG_NAMESPACES
Help: Provides the way to make tasks work with different objects using
the same id. For example same IPC id may refer to different objects
or same user id or pid may refer to different tasks when used in
different namespaces.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're not using Gentoo Linux.
If you're on Gentoo Linux, some applications may require this option
and some of the nested options inside it (mainly CONFIG_UTS_NS and
CONFIG_IPC_NS and sometimes CONFIG_NET_NS for systemd).
Include if you're planning to use LXC (Linux Containers) or if an
application requires it (and any of the nested options inside it).
Symbol: CONFIG_SCHED_AUTOGROUP
Help: This option optimizes the scheduler for common desktop workloads by
automatically creating and populating task groups. This separation
of workloads isolates aggressive CPU burners (like build jobs) from
desktop applications. Task group autogeneration is currently based
upon task session.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you've already excluded
CONFIG_CGROUPS.
Symbol: CONFIG_SYSFS_DEPRECATED
Help: This option adds code that switches the layout of the "block" class
devices, to not show up in /sys/class/block/, but only in
/sys/block/.
This switch is only active when the sysfs.deprecated=1 boot option is
passed or the SYSFS_DEPRECATED_V2 option is set.
This option allows new kernels to run on old distributions and tools,
which might get confused by /sys/class/block/. Since 2007/2008 all
major distributions and tools handle this just fine.
Recent distributions and userspace tools after 2009/2010 depend on
the existence of /sys/class/block/, and will not work with this
option enabled.
Only if you are using a new kernel on an old distribution, you might
need to say Y here.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're using a modern up-to-date
(possibly a rolling-release) distribution.
Symbol: CONFIG_RELAY
Help: This option enables support for relay interface support in
certain file systems (such as debugfs).
It is designed to provide an efficient mechanism for tools and
facilities to relay large amounts of data from kernel space to
user space.
If unsure, say N.
Type: boolean
Choice: built-in -∗-
Reason: It's highly recommended that you include this option in your kernel
that is if it isn't already forcibly included by CONFIG_PCI,
CONFIG_DRM_I915, CONFIG_WLAN and a lot of important options.
Symbol: CONFIG_BLK_DEV_INITRD
Help: The initial RAM filesystem is a ramfs which is loaded by the
boot loader (loadlin or lilo) and that is mounted as root
before the normal boot procedure. It is typically used to
load modules needed to mount the "real" root file system,
etc. See <file:Documentation/admin-guide/initrd.rst> for details.
If RAM disk support (BLK_DEV_RAM) is also included, this
also enables initial RAM disk (initrd) support and adds
15 Kbytes (more on some other architectures) to the kernel size.
If unsure say Y.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're not using an initrd/initramfs
to boot your system.
DOTSLASHLINUX has guides on how to eliminate the need for an initrd/initramfs.
Kindly check this:
https://www.dotslashlinux.com/2017/04/29/booting-the-linux-kernel-without-an-initrd-initramfs/
and this:
https://www.dotslashlinux.com/2017/04/30/building-intel-cpu-microcode-updates-directly-into-the-linux-kernel/
Symbol: CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE
Help: This is the default optimization level for the kernel, building
with the "-O2" compiler flag for best performance and most
helpful compile-time warnings.
Type: boolean
Choice: built-in (X)
Reason: It's highly recommended that you include this option in your kernel
unless you're extremely space constrained on an embedded system.
Symbol: CONFIG_EXPERT
Help: This option allows certain base kernel options and settings
to be disabled or tweaked. This is for specialized
environments which can tolerate a "non-standard" kernel.
Only use this if you really know what you are doing.
Type: boolean
Choice: built-in [∗]
Reason: It's recommended that you include this option in your kernel
to access its sub menu and exclude some options that won't
be needed on your system.
Symbol: CONFIG_UID16
Help: This option allows certain base kernel options and settings
to be disabled or tweaked. This is for specialized
environments which can tolerate a "non-standard" kernel.
Only use this if you really know what you are doing.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it was used 12 years ago to
provide backwards compatibility for APIs using old system calls
(yes, that's how old this thing is).
Symbol: CONFIG_MULTIUSER
Help: This option enables support for non-root users, groups and
capabilities.
If you say N here, all processes will run with UID 0, GID 0, and all
possible capabilities. Saying N here also compiles out support for
system calls related to UIDs, GIDs, and capabilities, such as setuid,
setgid, and capset.
If unsure, say Y here.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your kernel
if you want to use a non-root user.
Symbol: CONFIG_SGETMASK_SYSCALL
Help: sys_sgetmask and sys_ssetmask are obsolete system calls
no longer supported in libc but still enabled by default in some
architectures.
If unsure, leave the default option here.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as these system calls are obsolete.
Symbol: CONFIG_SYSFS_SYSCALL
Help: sys_sysfs is an obsolete system call no longer supported in libc.
Note that disabling this option is more secure but might break
compatibility with some systems.
If unsure say Y here.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as this system call is obsolete.
Symbol: CONFIG_SYSCTL_SYSCALL
Help: sys_sysctl uses binary paths that have been found challenging
to properly maintain and use. The interface in /proc/sys
using paths with ascii names is now the primary path to this
information.
Almost nothing using the binary sysctl interface so if you are
trying to save some space it is probably safe to disable this,
making your kernel marginally smaller.
If unsure say N here.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as this system call is obsolete.
Symbol: CONFIG_POSIX_TIMERS
Help: This includes native support for POSIX timers to the kernel.
Some embedded systems have no use for them and therefore they
can be configured out to reduce the size of the kernel image.
When this option is disabled, the following syscalls won't be
available: timer_create, timer_gettime, timer_getoverrun,
timer_settime, timer_delete, clock_adjtime, getitimer,
setitimer, alarm. Furthermore, the clock_settime, clock_gettime,
clock_getres and clock_nanosleep syscalls will be limited to
CLOCK_REALTIME, CLOCK_MONOTONIC and CLOCK_BOOTTIME only.
If unsure say y.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're sure that no application
uses it.
Symbol: CONFIG_KALLSYMS
Help: Say Y here to let the kernel print out symbolic crash information and
symbolic stack backtraces. This increases the size of the kernel
somewhat, as all symbols have to be loaded into the kernel image.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it's intended for debugging purposes.
Symbol: CONFIG_PRINTK
Help: This option enables normal printk support. Removing it
eliminates most of the message strings from the kernel image
and makes the kernel more or less silent. As this makes it
very difficult to diagnose system problems, saying N here is
strongly discouraged.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended to include this option in your kernel
to enable dmesg and printk support.
Symbol: CONFIG_BUG
Help: Disabling this option eliminates support for BUG and WARN, reducing
the size of your kernel image and potentially quietly ignoring
numerous fatal conditions. You should only consider disabling this
option for embedded systems with no facilities for reporting errors.
Just say Y.
Type: boolean
Choice: excluded [ ]
Reason: It's highly recommended that you include this option as it's useful
for reporting several fatal conditions on your system.
You can safely exclude this option if you have no need for it.
Symbol: CONFIG_PCSPKR_PLATFORM
Help: This option allows to disable the internal PC-Speaker
support, saving some memory.
Type: boolean
Choice: built-in [∗]
Reason: You can safely exclude this option if you don't want to hear
beeps anymore and it won't affect your normal sound experience.
Symbol: CONFIG_BASE_FULL
Help: Disabling this option reduces the size of miscellaneous core
kernel data structures. This saves memory on small machines,
but may reduce performance.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your kernel
as it adds a slight performance boost.
Symbol: CONFIG_FUTEX
Help: Disabling this option will cause the kernel to be built without
support for "fast userspace mutexes". The resulting kernel may not
run glibc-based applications correctly.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your kernel
as it's required by all glibc-based applications.
Symbol: CONFIG_EPOLL
Help: Disabling this option will cause the kernel to be built without
support for epoll family of system calls.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your kernel
as it's required by CONFIG_GENTOO_LINUX, CONFIG_GENTOO_LINUX_UDEV and
CONFIG_GENTOO_LINUX_INIT_SYSTEMD.
Symbol: CONFIG_SIGNALFD
Help: Enable the signalfd() system call that allows to receive signals
on a file descriptor.
If unsure, say Y.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your kernel
as it's required by CONFIG_GENTOO_LINUX, CONFIG_GENTOO_LINUX_UDEV and
CONFIG_GENTOO_LINUX_INIT_SYSTEMD.
Symbol: CONFIG_TIMERFD
Help: Enable the timerfd() system call that allows to receive timer
events on a file descriptor.
If unsure, say Y.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your kernel
as it's required by CONFIG_GENTOO_LINUX, CONFIG_GENTOO_LINUX_UDEV and
CONFIG_GENTOO_LINUX_INIT_SYSTEMD.
Symbol: CONFIG_EVENTFD
Help: Enable the eventfd() system call that allows to receive both
kernel notification (ie. KAIO) or userspace notifications.
If unsure, say Y.
Type: boolean
Choice: built-in [∗]
Reason: It's highly recommended that you include this option in your kernel
as it's required by CONFIG_GENTOO_LINUX, CONFIG_GENTOO_LINUX_UDEV and
CONFIG_GENTOO_LINUX_INIT_SYSTEMD.
Symbol: CONFIG_BPF_SYSCALL
Help: Enable the bpf() system call that allows to manipulate eBPF
programs and maps via file descriptors.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're not using eBPF programs.
Symbol: CONFIG_SHMEM
Help: The shmem is an internal filesystem used to manage shared memory.
It is backed by swap and manages resource limits. It is also exported
to userspace as tmpfs if TMPFS is enabled. Disabling this
option replaces shmem and tmpfs with the much simpler ramfs code,
which may be appropriate on small systems without swap.
Type: boolean
Choice: built-in -∗-
Reason: It's highly recommended that you include this option in your kernel
(that is if it isn't already forcibly included by CONFIG_GENTOO_LINUX,
CONFIG_GENTOO_LINUX_UDEV, DRM_I915 and a lot of important options).
It's also recommended that you include this option as well if you're using
a swap partition.
Symbol: CONFIG_AIO
Help: This option enables POSIX asynchronous I/O which may be used
by some high performance threaded applications. Disabling
this option saves about 7k.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as some users reported that it does
'bad' things on their respective systems.
Symbol: CONFIG_ADVISE_SYSCALLS
Help: This option enables the madvise and fadvise syscalls, used by
applications to advise the kernel about their future memory or file
usage, improving performance. If building an embedded system where no
applications use these syscalls, you can disable this option to save
space.
Type: boolean
Choice: excluded [ ]
Reason: It's highly recommended that you include this option especially if you're
using www-client/chromium as it's required by chromium's renderer.
You can safely exclude this option if it isn't required by any of your
applications.
Symbol: CONFIG_USERFAULTFD
Help: Enable the userfaultfd() system call that allows to intercept and
handle page faults in userland.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option to lower system overhead.
Symbol: CONFIG_PCI_QUIRKS
Help: This enables workarounds for various PCI chipset
bugs/quirks. Disable this only if your target machine is
unaffected by PCI quirks.
Type: boolean
Choice: built-in [∗]
Reason: You can safely exclude this option if your machine is unaffected
by PCI quirks.
It's generally a good idea to include this option on systems with a
buggy BIOS.
Symbol: CONFIG_MEMBARRIER
Help: Enable the membarrier() system call that allows issuing memory
barriers across all running threads, which can be used to distribute
the cost of user-space memory barriers asymmetrically by transforming
pairs of memory barriers into pairs consisting of membarrier() and a
compiler barrier.
If unsure, say Y.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option to lower system overhead.
Symbol: CONFIG_EMBEDDED
Help: This option should be enabled if compiling the kernel for
an embedded system so certain expert options are available
for configuration.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're not building this kernel
for an embedded system.
Symbol: CONFIG_PC104
Help: Expose PC/104 form factor device drivers and options available for
selection and configuration. Enable this option if your target
machine has a PC/104 bus.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you're not building this kernel
for an embedded system with a PC/104 bus.
Symbol: CONFIG_PERF_EVENTS
Help: Enable kernel support for various performance events provided
by software and hardware.
Software events are supported either built-in or via the
use of generic tracepoints.
Most modern CPUs support performance events via performance
counter registers. These registers count the number of certain
types of hw events: such as instructions executed, cachemisses
suffered, or branches mis-predicted - without slowing down the
kernel or applications. These registers can also trigger interrupts
when a threshold number of events have passed - and can thus be
used to profile the code that runs on that CPU.
The Linux Performance Event subsystem provides an abstraction of
these software and hardware event capabilities, available via a
system call and used by the "perf" utility in tools/perf/. It
provides per task and per CPU counters, and it provides event
capabilities on top of those.
Say Y if unsure.
Type: boolean
Choice: built-in -∗-
Reason: It's highly recommended that you include this option in your kernel
(that is if it isn't already forcibly included by CONFIG_X86, CONFIG_NET
and CONFIG_MULTIUSER).
Symbol: CONFIG_DEBUG_PERF_USE_VMALLOC
Help: Use vmalloc memory to back perf mmap() buffers.
Mostly useful for debugging the vmalloc code on platforms
that don't require it.
Say N if unsure.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it's intended for debugging
purposes.
Symbol: CONFIG_VM_EVENT_COUNTERS
Help: VM event counters are needed for event counts to be shown.
This option allows the disabling of the VM event counters
on EXPERT systems. /proc/vmstat will only show page counts
if VM event counters are disabled.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option to lower system overhead.
Symbol: CONFIG_SLUB_DEBUG
Help: SLUB has extensive debug support features. Disabling these can
result in significant savings in code size. This also disables
SLUB sysfs support. /sys/slab will not exist and there will be
no support for cache validation etc.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it's intended for debugging
purposes.
Symbol: CONFIG_COMPAT_BRK
Help: Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
This option changes the bootup default to heap randomization
disabled, and can be overridden at runtime by setting
/proc/sys/kernel/randomize_va_space to 2.
On non-ancient distros (post-2000 ones) N is usually a safe choice.
Type: boolean
Choice: built-in [∗]
Reason: You can safely include this option in your kernel to lower system overhead.
Symbol: CONFIG_SLUB
Help: SLUB is a slab allocator that minimizes cache line usage
instead of managing queues of cached objects (SLAB approach).
Per cpu caching is realized using slabs of objects instead
of queues of objects. SLUB can use memory efficiently
and has enhanced diagnostics. SLUB is the default choice for
a slab allocator.
Type: boolean
Choice: built-in (X)
Reason: It's highly recommended that you include this option in your kernel
as CONFIG_SLAB is super old and irrelevant nowadays and CONFIG_SLOB
is for embedded systems with limited memory and storage space
(and will perform really badly when used on a regular desktop/laptop
as it may take hours to extract a big package).
Symbol: CONFIG_SLAB_FREELIST_RANDOM
Help: Randomizes the freelist order used on creating new pages. This
security feature reduces the predictability of the kernel slab
allocator against heap overflows.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it's related to CONFIG_SLAB.
Symbol: CONFIG_SLUB_CPU_PARTIAL
Help: Per cpu partial caches accelerate objects allocation and freeing
that is local to a processor at the price of more indeterminism
in the latency of the free. On overflow these caches will be cleared
which requires the taking of locks that may cause latency spikes.
Typically one would choose no for a realtime system.
Type: boolean
Choice: built-in [∗]
Reason: It's recommended that you include this option as it adds a performance
boost and speeds up object allocation and freeing at the cost of a
slight increase in memory footprint.
Exclude only if you're concerned about latency.
Symbol: CONFIG_PROFILING
Help: Say Y here to enable the extended profiling support mechanisms used
by profilers such as OProfile.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option to lower system overhead.
Symbol: CONFIG_KPROBES
Help: Kprobes allows you to trap at almost any kernel address and
execute a callback function. register_kprobe() establishes
a probepoint and specifies the callback. Kprobes is useful
for kernel debugging, non-intrusive instrumentation and testing.
If in doubt, say "N".
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option to lower system overhead.
Symbol: CONFIG_JUMP_LABEL
Help: This option enables a transparent branch optimization that
makes certain almost-always-true or almost-always-false branch
conditions even cheaper to execute within the kernel.
Certain performance-sensitive kernel code, such as trace points,
scheduler functionality, networking code and KVM have such
branches and include support for this optimization technique.
If it is detected that the compiler has support for "asm goto",
the kernel will compile such branches with just a nop
instruction. When the condition flag is toggled to true, the
nop will be converted to a jump instruction to execute the
conditional block of instructions.
This technique lowers overhead and stress on the branch prediction
of the processor and generally makes the kernel faster. The update
of the condition is slower, but those are always very rare.
( On 32-bit x86, the necessary options added to the compiler
flags may increase the size of the kernel slightly. )
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as it's intended for debugging
purposes.
Symbol: CONFIG_GCC_PLUGINS
Help: GCC plugins are loadable modules that provide extra features to the
compiler. They are useful for runtime instrumentation and static analysis.
See Documentation/gcc-plugins.txt for details.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option as you probably won't need those extra
modules provided.
Symbol: CONFIG_CC_STACKPROTECTOR_NONE
Help: Disable "stack-protector" GCC feature.
Type: boolean
Choice: built-in [∗]
Reason: You can safely exclude this option to lower system overhead.
Symbol: CONFIG_ARCH_MMAP_RND_BITS
Help: This value can be used to select the number of bits to use to
determine the random offset to the base address of vma regions
resulting from mmap allocations. This value will be bounded
by the architecture's minimum and maximum supported values.
This value can be changed after boot using the
/proc/sys/vm/mmap_rnd_bits tunable.
Type: integer
Choice: (28) default
Reason: You can safely leave the value of this option to its default value
of (28).
Symbol: CONFIG_ARCH_MMAP_RND_COMPAT_BITS
Help: This value can be used to select the number of bits to use to
determine the random offset to the base address of vma regions
resulting from mmap allocations for compatible applications. This
value will be bounded by the architecture's minimum and maximum
supported values.
This value can be changed after boot using the
/proc/sys/vm/mmap_rnd_compat_bits tunable.
Type: integer
Choice: (8) default
Reason: You can safely leave the value of this option to its default value
of (8).
Symbol: CONFIG_VMAP_STACK
Help: Enable this if you want to use virtually-mapped kernel stacks
with guard pages. This causes kernel stack overflows to be
caught immediately rather than causing difficult-to-diagnose
corruption.
This is presently incompatible with KASAN because KASAN expects
the stack to map directly to the KASAN shadow map using a formula
that is incorrect if the stack is in vmalloc space.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option to lower system overhead.
Symbol: CONFIG_REFCOUNT_FULL
Help: Enabling this switches the refcounting infrastructure from a fast
unchecked atomic_t implementation to a fully state checked
implementation, which can be (slightly) slower but provides protections
against various use-after-free conditions that can be used in
security flaw exploits.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option to lower system overhead.
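Several options in this section (CONFIG_COMPAT_BRK, CONFIG_SLAB_FREELIST_RANDOM, CONFIG_CC_STACKPROTECTOR_NONE, CONFIG_VMAP_STACK, CONFIG_REFCOUNT_FULL) trade an exploit mitigation for lower overhead. The following shell check is an added example, not part of the original guide: it reads a 4.14-era .config and flags each of those symbols whose value differs from the hardened setting described in its Help text. The function names, the check list and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a 4.14-era kernel .config for the mitigation options
# covered in this section. Symbol names are the ones used on this page.

# cfg_state FILE SYMBOL: print the symbol's value, or "n" if unset or absent.
cfg_state() {
    val=$(sed -n "s/^$2=//p" "$1" | head -n 1)
    printf '%s\n' "${val:-n}"
}

# One entry per line: SYMBOL:HARDENED_VALUE:effect as stated in the Help text.
HARDENING_CHECKS='CONFIG_COMPAT_BRK:n:y makes heap randomization disabled the boot default
CONFIG_SLAB_FREELIST_RANDOM:y:randomizes slab freelist order against heap overflows
CONFIG_CC_STACKPROTECTOR_NONE:n:y disables the GCC stack-protector feature
CONFIG_VMAP_STACK:y:guard pages catch kernel stack overflows immediately
CONFIG_REFCOUNT_FULL:y:state-checked refcounts against use-after-free conditions'

# audit_hardening FILE: print one OK/WEAK line per symbol.
# Returns 0 when every symbol has its hardened value, 1 otherwise.
audit_hardening() {
    rc=0
    while IFS=: read -r sym want why; do
        have=$(cfg_state "$1" "$sym")
        if [ "$have" = "$want" ]; then
            printf 'OK   %s=%s\n' "$sym" "$have"
        else
            printf 'WEAK %s=%s (hardened: %s): %s\n' "$sym" "$have" "$want" "$why"
            rc=1
        fi
    done <<EOF
$HARDENING_CHECKS
EOF
    return "$rc"
}

# write_sample_config FILE: constructed sample that mirrors this section's choices.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_COMPAT_BRK=y
CONFIG_SLUB=y
# CONFIG_SLAB_FREELIST_RANDOM is not set
CONFIG_CC_STACKPROTECTOR_NONE=y
CONFIG_ARCH_MMAP_RND_BITS=28
# CONFIG_VMAP_STACK is not set
# CONFIG_REFCOUNT_FULL is not set
EOF
}

# Stand-alone use (example path): sh audit.sh /usr/src/linux/.config
if [ "$#" -gt 0 ]; then
    audit_hardening "$1"
fi
```

Later kernel releases renamed or removed some of these symbols, so adjust the list to the kernel version being audited.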
Symbol: CONFIG_GCOV_KERNEL
Help: This option enables gcov-based code profiling (e.g. for code coverage
measurements).
If unsure, say N.
Additionally specify CONFIG_GCOV_PROFILE_ALL=y to get profiling data
for the entire kernel. To enable profiling for specific files or
directories, add a line similar to the following to the respective
Makefile:
For a single file (e.g. main.o):
GCOV_PROFILE_main.o := y
For all files in one directory:
GCOV_PROFILE := y
To exclude files from being profiled even when CONFIG_GCOV_PROFILE_ALL
is specified, use:
GCOV_PROFILE_main.o := n
and:
GCOV_PROFILE := n
Note that the debugfs filesystem has to be mounted to access
profiling data.
Type: boolean
Choice: excluded [ ]
Reason: You can safely exclude this option if you've already excluded
CONFIG_PROFILING to lower system overhead.
4 Comments
The Man
07/01/2018
Trying this on 4.14.12 kernel and I can’t exclude “Control Group support —>” unless I exclude CONFIG_GENTOO_LINUX (and you included this in part2)
Selected by: GENTOO_LINUX_PORTAGE [=n] && GENTOO_LINUX [=y] || GENTOO_LINUX_INIT_SYSTEMD [=n] && GENTOO_LINUX [=y] && GENTOO_LINUX_UDEV [=y] || SCHED_AUTOGROUP [=y]
DOTSLASHLINUX
07/01/2018
@The Man, you don’t have to exclude CONFIG_GENTOO_LINUX in order to exclude CONFIG_CGROUPS. In your case excluding CONFIG_SCHED_AUTOGROUP would do the trick.
And I never said that excluding CONFIG_GENTOO_LINUX is necessary to exclude CONFIG_CGROUPS, I only excluded CONFIG_GENTOO_LINUX_PORTAGE. Also if you read the help documentation provided for that option, you’ll see that all it does is select other options, meaning if you excluded CONFIG_GENTOO_LINUX_PORTAGE and included the rest of the options it selects yourself, you’ll be able to exclude CONFIG_CGROUPS.
Hope it makes more sense now.
The Man
07/01/2018
It makes more sense now. You’re right, I apologize. Should have gone through everything before making a comment, still have a lot to go through.
DOTSLASHLINUX
07/01/2018
@The Man, you sir are the man… No need to apologize buddy, it’s just that I felt a bit weird since I most certainly remember that I explained this exact option in detail in part 2.
It’s totally fine, whenever you have more questions feel free to drop a comment here and I’ll reply as soon as possible.
Good luck with building your custom-configured dream Linux kernel!