File: [cvs.NetBSD.org] / src / sys / arch / evbarm / conf / GENERIC.common (download)
Revision 1.13, Sat May 21 18:31:13 2016 UTC (7 years, 10 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-base, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, nick-nhusb-base-20161004, nick-nhusb-base-20160907, nick-nhusb-base-20160529, localcount-20160914 Branch point for: pgoyette-localcount
Changes since 1.12: +26 -1
lines
Add various security options; enables PaX ASLR/MPROTECT
|
#
# $NetBSD: GENERIC.common,v 1.13 2016/05/21 18:31:13 christos Exp $
#
# GENERIC evbarm kernel config (template)
#
# estimated number of users
maxusers 32
# Standard system options
options RTC_OFFSET=0 # hardware clock is this many mins. west of GMT
#options NTP # NTP phase/frequency locked loop
# CPU options
options PMAPCOUNTERS
# Architecture options
# File systems
include "conf/filesystems.config"
no file-system LFS
no file-system CODA
no pseudo-device vcoda
# File system options
#options QUOTA # legacy UFS quotas
#options QUOTA2 # new, in-filesystem UFS quotas
options FFS_EI # FFS Endian Independent support
options NFSSERVER
options WAPBL # File system journaling support
#options FFS_NO_SNAPSHOT # No FFS snapshot support
# Networking options
#options GATEWAY # packet forwarding
options INET # IP + ICMP + TCP + UDP
options INET6 # IPV6
options IPSEC # IP security
#options IPSEC_DEBUG # debug for IP security
#options MROUTING # IP multicast routing
#options PIM # Protocol Independent Multicast
#options NETATALK # AppleTalk networking
#options PPP_BSDCOMP # BSD-Compress compression support for PPP
#options PPP_DEFLATE # Deflate compression support for PPP
#options PPP_FILTER # Active filter support for PPP (requires bpf)
#options TCP_DEBUG # Record last TCP_NDEBUG packets with SO_DEBUG
# JIT compiler for bpfilter
#options SLJIT
options BPFJIT
#options NFS_BOOT_BOOTP
options NFS_BOOT_DHCP
#options NFS_BOOT_BOOTSTATIC
#options NFS_BOOTSTATIC_MYIP="\"192.168.1.4\""
#options NFS_BOOTSTATIC_GWIP="\"192.168.1.1\""
#options NFS_BOOTSTATIC_MASK="\"255.255.255.0\""
#options NFS_BOOTSTATIC_SERVADDR="\"192.168.1.1\""
#options NFS_BOOTSTATIC_SERVER="\"192.168.1.1:/nfs/sdp2430\""
options NFS_BOOT_RWSIZE=1024
# Compatibility options
options COMPAT_NETBSD32 # allow running arm (e.g. non-earm) binaries
#options COMPAT_43 # 4.3BSD compatibility.
#options COMPAT_09 # NetBSD 0.9,
#options COMPAT_10 # NetBSD 1.0,
#options COMPAT_11 # NetBSD 1.1,
#options COMPAT_12 # NetBSD 1.2,
#options COMPAT_13 # NetBSD 1.3,
#options COMPAT_14 # NetBSD 1.4,
#options COMPAT_15 # NetBSD 1.5,
#options COMPAT_16 # NetBSD 1.6,
#options COMPAT_20 # NetBSD 2.0,
#options COMPAT_30 # NetBSD 3.0,
#options COMPAT_40 # NetBSD 4.0,
#options COMPAT_50 # NetBSD 5.0,
options COMPAT_60 # NetBSD 6.0, and
options COMPAT_70 # NetBSD 7.0 binary compatibility.
#options TCP_COMPAT_42 # 4.2BSD TCP/IP bug compat. Not recommended.
#options COMPAT_BSDPTY # /dev/[pt]ty?? ptys.
# Shared memory options
options SYSVMSG # System V-like message queues
options SYSVSEM # System V-like semaphores
#options SEMMNI=10 # number of semaphore identifiers
#options SEMMNS=60 # number of semaphores in system
#options SEMUME=10 # max number of undo entries per process
#options SEMMNU=30 # number of undo structures in system
options SYSVSHM # System V-like memory sharing
# Device options
#options MEMORY_DISK_HOOKS # boottime setup of ramdisk
#options MEMORY_DISK_ROOT_SIZE=8192 # Size in blocks
#options MEMORY_DISK_DYNAMIC
#options MINIROOTSIZE=1000 # Size in blocks
#options MEMORY_DISK_IS_ROOT # use memory disk as root
#options MEMORY_DISK_FBFLAGS=RB_SINGLE
# Miscellaneous kernel options
options KTRACE # system call tracing, a la ktrace(1)
#options SCSIVERBOSE # Verbose SCSI errors
#options MIIVERBOSE # Verbose MII autoconfuration messages
#options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
# Wedge support
options DKWEDGE_AUTODISCOVER # Automatically add dk(4) instances
options DKWEDGE_METHOD_GPT # Supports GPT partitions as wedges
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
options BUFQ_PRIOCSCAN
# Development and Debugging options
#options PERFCTRS # performance counters
options DIAGNOSTIC # internal consistency checks
#options DEBUG
#options LOCKDEBUG
#options PMAP_DEBUG # Enable pmap_debug_level code
#options IPKDB # remote kernel debugging
#options VERBOSE_INIT_ARM # verbose bootstraping messages
options DDB # in-kernel debugger
options DDB_ONPANIC=1
options DDB_HISTORY_SIZE=100 # Enable history editing in DDB
#options DDB_COMMANDONENTER="bt"
#options KGDB
# Pseudo-Devices
# crypto pseudo-devices
pseudo-device crypto # /dev/crypto device
pseudo-device swcrypto # software crypto implementation
# disk/mass storage pseudo-devices
#pseudo-device md # memory disk device (ramdisk)
pseudo-device vnd # disk-like interface to files
#pseudo-device fss # file system snapshot device
pseudo-device drvctl # driver control
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
pseudo-device loop # network loopback
pseudo-device bridge # simple inter-network bridging
pseudo-device vlan # IEEE 802.1q encapsulation
pseudo-device ppp # Point-to-Point Protocol
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
pseudo-device tun # network tunneling over tty
pseudo-device tap # virtual Ethernet
pseudo-device gre # generic L3 over IP tunnel
pseudo-device npf # NPF packet filter
# miscellaneous pseudo-devices
pseudo-device pty # pseudo-terminals
#options RND_COM
#pseudo-device clockctl # user control of clock subsystem
pseudo-device ksyms # /dev/ksyms
pseudo-device lockstat # lock profiling
options FILEASSOC # fileassoc(9) - required for Veriexec
# Veriexec
#
# a pseudo device needed for veriexec
pseudo-device veriexec
#
# Uncomment the fingerprint methods below that are desired. Note that
# removing fingerprint methods will have almost no impact on the kernel
# code size.
#
options VERIFIED_EXEC_FP_RMD160
options VERIFIED_EXEC_FP_SHA256
options VERIFIED_EXEC_FP_SHA384
options VERIFIED_EXEC_FP_SHA512
options VERIFIED_EXEC_FP_SHA1
options VERIFIED_EXEC_FP_MD5
options PAX_ASLR_DEBUG=1 # PaX ASLR debug
options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
options PAX_MPROTECT_DEBUG=1 # PaX mprotect debug
options PAX_ASLR=1 # PaX Address Space Layout Randomization