Changeset e5aa02fe
- Timestamp:
- 09/11/2022 04:09:18 AM (20 months ago)
- Branches:
- 11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, bdubbs/gcc13, multilib, renodr/libudev-from-systemd, trunk, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc
- Children:
- c10a327
- Parents:
- a710d35
- git-author:
- Xi Ruoyao <xry111@…> (09/11/2022 04:05:21 AM)
- git-committer:
- Xi Ruoyao <xry111@…> (09/11/2022 04:09:18 AM)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
chapter10/kernel.xml
ra710d35 re5aa02fe 106 106 not work correctly or boot at all:</para> 107 107 108 <screen role="nodump" revision="sysv">General setup --> 108 <screen role="nodump" revision="sysv">Processor type and features ---> 109 [*] Build a relocatable kernel [CONFIG_RELOCATABLE] 110 [*] Randomize the address of the kernel image (KASLR) [CONFIG_RANDOMIZE_BASE] 111 General setup ---> 109 112 [ ] Compile the kernel with warnings as errors [CONFIG_WERROR] 110 113 < > Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS] 114 General architecture-dependent options ---> 115 [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] 116 [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG] 111 117 Device Drivers ---> 112 118 Graphics support ---> … … 118 124 [*] Automount devtmpfs at /dev, after the kernel mounted the rootfs [CONFIG_DEVTMPFS_MOUNT]</screen> 119 125 120 <screen role="nodump" revision="systemd">General setup --> 126 <screen role="nodump" revision="systemd">Processor type and features ---> 127 [*] Build a relocatable kernel [CONFIG_RELOCATABLE] 128 [*] Randomize the address of the kernel image (KASLR) [CONFIG_RANDOMIZE_BASE] 129 General setup ---> 121 130 [ ] Compile the kernel with warnings as errors [CONFIG_WERROR] 122 131 [ ] Auditing Support [CONFIG_AUDIT] … … 131 140 General architecture-dependent options ---> 132 141 [*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP] 142 [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] 143 [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG] 133 144 Networking support ---> 134 145 Networking options ---> … … 190 201 191 202 <varlistentry> 203 <term><parameter>Randomize the address of the kernel image (KASLR)</parameter></term> 204 <listitem> 205 <para>Enable ASLR for kernel image, to mitigate some attacks based 206 on fixed addresses of sensitive data or code in the kernel.</para> 207 </listitem> 208 </varlistentry> 209 210 <varlistentry> 192 211 <term> 193 212 <parameter> … … 211 230 <para>This will require <command>cpio</command> building the kernel. 212 231 <command>cpio</command> is not installed by LFS.</para> 232 </listitem> 233 </varlistentry> 234 235 <varlistentry> 236 <term><parameter>Strong Stack Protector</parameter></term> 237 <listitem> 238 <para>Enable SSP for the kernel. We've enabled it for the entire 239 userspace with <parameter>--enable-default-ssp</parameter> 240 configuring GCC, but the kernel does not use GCC default setting 241 for SSP. We enable it explicitly here.</para> 213 242 </listitem> 214 243 </varlistentry>
Note:
See TracChangeset
for help on using the changeset viewer.