diff options
| author | Xi Ruoyao <xry111@xry111.site> | 2023-03-08 11:01:18 +0800 |
|---|---|---|
| committer | Xi Ruoyao <xry111@xry111.site> | 2023-03-08 11:25:38 +0800 |
| commit | e0fb1098a4b0f5059f029fd88eff78ca244beec1 (patch) | |
| tree | 52c2ecf5efc84fbeb7268b3b88638f7b99c28278 /chapter10 | |
| parent | 271c85653827212cacc4a9973ee31b6c6c30f6a3 (diff) | |
kernel: Recommend to disable CONFIG_EXPERT
Let's not encourage users to try tricky things and shoot their own foot.
For systemd, if CONFIG_EXPERT is disable, CONFIG_FHANDLE will be enabled
automatically. So there is no need to enable CONFIG_EXPERT and then set
CONFIG_FHANDLE manually.
Diffstat (limited to 'chapter10')
| -rw-r--r-- | chapter10/kernel.xml | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index e7bcfdb87..4618cc18e 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -111,6 +111,7 @@ General setup ---> [ ] Compile the kernel with warnings as errors [CONFIG_WERROR] < > Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS] + [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT] General architecture-dependent options ---> [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG] @@ -137,8 +138,7 @@ General setup ---> [*] Control Group support [CONFIG_CGROUPS] ---> [*] Memory controller [CONFIG_MEMCG] [ ] Enable deprecated sysfs features to support old userspace tools [CONFIG_SYSFS_DEPRECATED] - [*] Configure standard kernel features (expert users) [CONFIG_EXPERT] ---> - [*] open by fhandle syscalls [CONFIG_FHANDLE] + [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT] General architecture-dependent options ---> [*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP] [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] @@ -237,6 +237,19 @@ Device Drivers ---> </varlistentry> <varlistentry> + <term> + <parameter> + Configure standard kernel features (expert users) + </parameter> + </term> + <listitem> + <para>This will make some options show up in the configuration + interface but changing those options may be dangerous. Do not use + this unless you know what you are doing.</para> + </listitem> + </varlistentry> + + <varlistentry> <term><parameter>Strong Stack Protector</parameter></term> <listitem> <para>Enable SSP for the kernel. We've enabled it for the entire |