Commit Graph

175 Commits

Author SHA1 Message Date
Shea Levy
8dbd385e1c kernel config: Fix grsecurity-specific config
Refs 13a38440c6
2015-05-18 14:32:29 -04:00
William A. Kennington III
ec1a281f0a kernel-config: Fix for i686 2015-05-17 03:02:44 -07:00
William A. Kennington III
13a38440c6 kernel-config: Grsecurity fixes 2015-05-15 18:38:15 -07:00
William A. Kennington III
bca69399a8 kernel-config: kvm changes 2015-05-15 18:38:15 -07:00
William A. Kennington III
7aae0f3115 kernel-config: mlx4-en enable vxlan offloading 2015-05-15 18:38:15 -07:00
William A. Kennington III
19d5b1e37a kernel-config: nfs changes 2015-05-15 18:38:14 -07:00
Tobias Geerinckx-Rice
8a2deb7abe linux: disable UEVENT_HELPER by default on versions >= 3.15 2015-04-06 14:00:03 +02:00
Domen Kožar
c31f1d99a5 fix linux 3.2/3.4 builds 2015-03-29 21:41:05 +02:00
Arseniy Seroka
a639c710ae Merge pull request #6968 from oxij/unquestionably-good
Easy to check to be unquestionably good changes
2015-03-28 13:16:13 +03:00
Jan Malakhovski
89bfacdf90 kernel: add a warning/note at the top of common-config so that people would hopefully stop breaking the older kernels 2015-03-26 12:43:42 +00:00
William A. Kennington III
4d47c0dd24 kernel-config: Add microcode support + early loading on new kernels 2015-03-25 11:30:03 -07:00
Mathijs Kwik
5cac50b3bf kernel: add support for experimental Realtek2800 models
tested with AVM Fritz wlan Stick N
2015-03-22 13:49:29 +01:00
William A. Kennington III
6437ad00f0 kernel/common-config: More fixes 2015-03-20 15:05:43 -07:00
William A. Kennington III
9dc8335294 kernel/common-config: Fix older kernels 2015-03-20 14:41:03 -07:00
Eelco Dolstra
ebef573641 Merge pull request #6476 from ts468/squashfs
Change kernel config: improve squashfs support of kernel
2015-03-12 21:41:53 +01:00
Eelco Dolstra
798e613e16 kernel: Enable kprobes and other tracing features
All of these should have minimal performance impact unless enabled at
runtime.
2015-03-11 17:14:37 +01:00
Thomas Strobel
0d1c39443b Change kernel config: improve squashfs support of kernel 2015-03-08 13:58:00 +01:00
Eelco Dolstra
3b9b620656 Revert "linux: disable UEVENT_HELPER*"
This reverts commit 9f87f3ccb0 because
it causes /proc/sys/kernel/hotplug to not be cleared on Linux <= 3.14.
2015-03-06 15:59:06 +01:00
Eelco Dolstra
c502efc72a linux: Enable Intel idle driver
Also build the performance governor into the kernel so there is a sane
default. Note that cpufreq.service will still load "ondemand" on
non-pstate systems.
2015-03-04 17:11:41 +01:00
Eelco Dolstra
26da67ff73 Kernel config: Separate power management and debugging 2015-03-04 17:10:47 +01:00
aszlig
791b970c6e linux/kernel: Remove EXT2_FS_XIP for version 4.0.
The option has been removed in torvalds/linux@6cd176a and thus we
shouldn't try to set it for kernel version 4.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-03-04 15:42:44 +01:00
Eelco Dolstra
584ca36462 linux: Disable CONFIG_DEBUG_STACKOVERFLOW
This got enabled accidentally in
e64e3ad88a.
2015-03-02 23:36:05 +01:00
Tobias Geerinckx-Rice
9f87f3ccb0 linux: disable UEVENT_HELPER*
Deprecated since 2006: http://lwn.net/Articles/166954/
2015-03-01 03:31:59 +01:00
Thomas Strobel
eb97dc0013 Add kernel config for dom0 of Xen 2015-02-16 20:52:06 +01:00
Tobias Geerinckx-Rice
a43db5fa20 kernel: common-config.nix: enable FANOTIFY 2015-02-12 19:39:44 +01:00
Tobias Geerinckx-Rice
a5c072a610 kernel: common-config.nix: remove useless 'FTRACE n' before 'y' 2015-02-11 05:29:48 +01:00
aszlig
8ac1765e28 linux-testing: Update to version 3.19-rc5.
Using linux-testing for a bunch of machines, I'd actually expect it to
be more recent than the latest stable, but until now it actually was
behind.

Since torvalds/linux@464ed18ebd, the option
PM_RUNTIME doesn't exist anymore, so we need to remove it from our
common config.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-01-22 09:56:37 +01:00
William A. Kennington III
e0098e8408 Revert "linux kernel: set VFIO_PCI_VGA to y for versions > 3.9"
This reverts commit 774486a149.
2015-01-07 10:55:06 -08:00
Jan Malakhovski
774486a149 linux kernel: set VFIO_PCI_VGA to y for versions > 3.9
This allows to passthrough PCI video adapters to KVM virtual machines.
VFIO_PCI is set to `m` by default, which means this will not affect
non-users.
2015-01-07 11:08:58 +00:00
Nikolay Amiantov
e9d868de63 kernel: enable intel_pstate 2015-01-06 03:07:32 +03:00
William A. Kennington III
557a3c92e3 kernel: Don't enable the iommu by default as this breaks for some hardware 2014-11-13 16:23:49 -08:00
Domen Kožar
7ff9cd2c41 more kernel fixes 2014-11-11 09:22:18 +01:00
Domen Kožar
b9388e9711 fix kernel builds on 32bit linux 2014-11-11 07:06:09 +01:00
Eelco Dolstra
e78a1603fc linux: Enable BPF_JIT only on 64-bit
It's not supported on i686.

http://hydra.nixos.org/build/16834647
2014-11-10 20:21:28 +01:00
lethalman
27b79a0469 Merge pull request #4780 from ambrop72/kernel-ppp-filter
kernel: Enable PPP_FILTER by default.
2014-11-08 12:41:13 +01:00
William A. Kennington III
d88c5eed1d kernel: Add more supported features 2014-11-08 02:44:19 -08:00
ambrop7@gmail.com
fc533f0e84 kernel: Enable PPP_FILTER by default.
pppd will try to use it to improve efficiency and complain if it's not available
(but it is not mandatory).
2014-11-02 15:10:09 +01:00
lethalman
2c0cc6cedc Merge pull request #4587 from uzska/master
Added line SCSI_SAS_ATA y on line 62
2014-10-24 09:39:40 +02:00
Eelco Dolstra
38ed4d4d0f linux: Enable FW_LOADER_USER_HELPER_FALLBACK
We don't really need this anymore, except that our docs say that you
can put firmware in /root/test-firmware, which doesn't work via
/sys/module/firmware_class/parameters/path.
2014-10-20 13:25:00 +02:00
uzska
0fa57137cf Added line SCSI_SAS_ATA y on line 62
This kernel change will make the NixOS live CD detect the hard drive upon boot.
2014-10-17 13:31:08 -07:00
Daniel Peebles
0bb14e4fea Disable NFC on 3.17 or above
This should only be temporary, but there's a bug in the 3.17 rc1 and rc2 that leads to cyclic module dependencies and a segfault during the build process.
2014-08-29 01:49:32 -04:00
Eelco Dolstra
e4752d7877 linux: Enable ACLs in ext3
http://hydra.nixos.org/build/13462892
2014-08-18 14:33:09 +02:00
Bjørn Forsman
28cb0f58c4 linux: only enable CONFIG_NFS_SWAP for v3.6+ kernels
Linux v3.6 is the earliest version with CONFIG_NFS_SWAP support. This
change unbreaks NixOS tests for older kernels.
2014-07-16 12:13:06 +02:00
Ricardo M. Correia
85e444f4f8 linux: Enable NFSv4.1, v4.2 clients and swap on NFS
I'm only enabling for kernels >= 3.11 to be conservative, because clients and
servers automatically negotiate and use the highest mutually supported version
by default, but only in kernel 3.11 server NFSv4.1 support actually became RFC
compliant.

I'm also adding support for swap on NFS, which is enabled by default on
Ubuntu kernels.
2014-07-15 15:07:25 +02:00
Michael Raskin
0ecfc6cb49 Merge pull request #2213 from thoughtpolice/kernel-config
nixos: make several kernel common-config options optional
2014-06-30 09:01:08 +04:00
Michael Raskin
8297a26746 Create an option to build 3.16-rc1 which carries a new Wireless driver; make USB_DEBUG optional as it seems to be planned to disappear in 3.16. 2014-06-18 00:23:48 +02:00
Michael Raskin
f9c05a3bad Merge pull request #2378 from wizeman/u/kernel-zram
linux: Add support for zram
2014-05-27 01:40:18 -07:00
Austin Seipp
ac38b32974 kernel/grsec: another optional option
This should fix the testing kernels.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:57:10 -05:00
Austin Seipp
e64e3ad88a kernel: only use DEBUG_STACKOVERFLOW if !grsecurity
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:56:52 -05:00
Austin Seipp
80d0e31a94 kernel: allow features to be used in common-config
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:49:32 -05:00
Austin Seipp
657998dbcb kernel/common-config: Another optional option
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 19:44:03 -05:00
Austin Seipp
b5b434c98a kernel: make some common-config options optional for grsec
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 16:37:22 -05:00
Austin Seipp
4f27ad14a1 grsec: refactor grsecurity packages
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:43 -05:00
Austin Seipp
92abc4c610 kernel: enable AppArmor by default
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Ricardo M. Correia
f0e3775f2e linux: Add support for zram 2014-04-24 23:47:08 +02:00
Eelco Dolstra
4e8c2f0ff9 Merge branch 'systemd-update' 2014-04-20 19:31:01 +02:00
Eelco Dolstra
5da309fcaa linux: Enable SND_DYNAMIC_MINORS
This is necessary if you get:

  kernel: Too many HDMI devices
  kernel: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
2014-04-18 21:50:00 +02:00
Eelco Dolstra
3f01caa89f linux: Enable transparent hugepages 2014-04-16 22:40:07 +02:00
Austin Seipp
acbf28145c nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.

The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.

This is really just an arbitrary picking at the moment, but it should be
OK.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:39:29 -05:00
Shea Levy
0c66dbaee6 Enable CC_STACKPROTECTOR_REGULAR on linux 3.14+ 2014-04-02 17:58:54 -04:00
Shea Levy
2d4ce25b5b Add linux 3.14 2014-03-31 20:54:47 -04:00
Shea Levy
3ae5e801a5 Linux 3.13
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-19 22:35:24 -05:00
Eelco Dolstra
8a182718ca splashutils: Remove 2013-09-26 18:03:43 +02:00
aszlig
2e89b40634 Merge pull request #1010 from offlinehacker.
Although this is a release candidate version of kernel 3.12, there are
reasons for merging this anyway, as discussed in #1010 and #1006.

Thanks to @offlinehacker for this and the initial pull request.
2013-09-25 14:05:33 +02:00
Jaka Hudoklin
69f30432dd kernel: add linux 3.12-rc2 2013-09-25 12:49:49 +02:00
Eelco Dolstra
7856ba881a linux: Enable proper blkio controller support
Having BLK_CGROUP is not enough, you need BLK_DEV_THROTTLING or
CFQ_GROUP_IOSCHED to do anything useful.
2013-09-17 16:00:36 +02:00
Mathijs Kwik
27a810346a Revert "linux: really provide /proc/config.gz"
This reverts commit 68ce9e91e1.

/proc/config.gz is available after "modprobe configs"
and in
/run/booted-system/kernel-modules/config
2013-09-04 09:29:00 +02:00
Mathijs Kwik
03c9a1fb33 linux 3.11
works fine for me, but nvidia binary driver fails once again
2013-09-04 09:29:00 +02:00
Bjørn Forsman
68ce9e91e1 linux: really provide /proc/config.gz
Currently there is no /proc/config.gz, even though the configuration
indicates it. This fixes it.
2013-08-16 23:12:07 +02:00
Evgeny Egorochkin
339e1d94c6 Turning off PAE support which makes kernel unbootable on older hardware causes CRASH_DUMP option to
disappear, so make it optional.
2013-08-12 05:32:11 +03:00
Eelco Dolstra
f155a35d7d Move kernelExtraConfig to common-config.nix (for x86)
It's bad to have the kernel config scattered across two places.  (This
should also be done for the other architectures.)

Also, restore Xen and KVM guest support in Linux 3.10.
2013-08-01 14:35:31 +02:00
Eelco Dolstra
d1de0e2d6d linux: Enable detection of hung tasks 2013-08-01 01:40:41 +02:00
Eelco Dolstra
f2f00c56e4 linux: Enable stack protector
This may prevent exploitation of buffer overflows.
2013-08-01 01:40:41 +02:00
Eelco Dolstra
bc8186be1e linux: Disable /dev/kmem
See e.g.
  https://wiki.ubuntu.com/Security/Features#A.2BAC8-dev.2BAC8-kmem_disabled
2013-08-01 01:40:40 +02:00
Eelco Dolstra
7ce325f3e0 Unify the Linux kernel configurations
Having N different copies of the NixOS kernel configuration is bad
because these copies tend to diverge.  For instance, our 3.10 config
lacked some modules that were enabled in older configs, probably
because the 3.10 config had been copied off an earlier version of some
older kernel config.

So now there is a single kernel config in common-config.nix.  It has a
few conditionals to deal with new/removed kernel options, but
otherwise it's pretty straightforward.

Also, a lot of cut&paste boilerplate between the kernel Nix
expressions is gone (such as preConfigure).
2013-08-01 01:40:40 +02:00