~vcs-imports/ipfire/ipfire-2.x

« back to all changes in this revision

Viewing changes to config/kernel/kernel.config.x86_64-ipfire

  • Committer: Michael Tremer
  • Author(s): Peter Müller
  • Date: 2023-10-20 08:44:26 UTC
  • Revision ID: git-v1:447d0bf51ed17f16880fd5041b3a88dcdec8a648
linux: Disable io_uring

This subsystem has been a frequent source of security vulnerabilities
affecting the Linux kernel; as a result, Google announced on June 14,
2023, that they would disable it in their environment as widely as
possible.

IPFire does not depend on the availability of io_uring. Therefore,
disable this subsystem as well in order to preemptively cut attack
surface.

See also: https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Show diffs side-by-side

added added

removed removed

Lines of Context:
249
249
CONFIG_EVENTFD=y
250
250
CONFIG_SHMEM=y
251
251
CONFIG_AIO=y
252
 
CONFIG_IO_URING=y
 
252
# CONFIG_IO_URING is not set
253
253
CONFIG_ADVISE_SYSCALLS=y
254
254
CONFIG_MEMBARRIER=y
255
255
CONFIG_KALLSYMS=y
7041
7041
# CONFIG_DLM_DEPRECATED_API is not set
7042
7042
# CONFIG_DLM_DEBUG is not set
7043
7043
# CONFIG_UNICODE is not set
7044
 
CONFIG_IO_WQ=y
7045
7044
# end of File systems
7046
7045
 
7047
7046
#