Fixes: 537ae029 ("update version, revrite config files, use zstd compression for kernel")
It is enabled on i686 and arm64.
Thanks to betcher@ for noting this.
Lockdown is a useful and needed thing, thanks to consta@ for ideas about it.
Other LSMs may also be useful (nowadays multiple LSMs can be enabled, so enable as many as possible so thet users sould use them).
Answered with default values to most questions.
Reporting of granted accesses (CONFIG_SECURITY_SMACK_BRINGUP) and packet marking (CONFIG_SECURITY_SMACK_NETFILTER) in SMACK were enbaled
for debug and because it may be potentially useful. We do not have plans to use SMACK for now by default.
CONFIG_SYSFB_SIMPLEFB and CONFIG_FB_SIMPLEDRM are mutually exclusive (since kernel 5.15),
CONFIG_SYSFB_SIMPLEFB was disabled but CONFIG_FB_SIMPLEDRM was not enabled instead of it.
Enable CONFIG_FB_SIMPLEDRM as an old, less experimental solution.
(See also: https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers -> enable simple framebuffer)
CONFIG_FB_SIMPLE was Y, but let's try to build it as a module (M).
We should try to reduce the size of vmlinuz for better support of PXE etc.
CONFIG_BLK_DEV_NULL_BLK can be N/Y and cannot be M. It is needed for tests, not for production, disabling it.
Other changes were generated automatically.
Change PREEMPT to PREEMPT_VOLUNTARY: it is a more in the middle interactivity which should be OK for both servers and desktops, Void Linux and Ubuntu have it. Previous value was too much preemption.
* disable Atom ISP as recommended by RussianNeuroMancer because it does not make cameras work on x86 Intel-based tablets where cameras are connected on i2c bus, but makes the camera consome power without working
* enable zswap by default and use the default allocator as in Arch Linux where zswap is enabled by default
https://wiki.archlinux.org/index.php/Zswap
* tune values of sysctls from le9 patch to make it have at least some effect on typical desktop and server systems but avoid too agressive OOM killer on systems with 2 GB RAM and less where OOM killer kills too many process
See discussion and my comments in the thread https://www.linux.org.ru/news/kernel/16052362
* remove not used variant of the patch which did not have any effect
Update existing x86 configs manually
Make an arm64 config based on them instead on the old one which was temporary copypasted from ALT Linux
In most cases I answered to `make ARCH=xxx defconfig` like this:
N/y -> Y
N/m(/y) -> M
Y/n(/m) -> Y
M/n(/y) -> M
But did not enable odd debug.
Probably too much hardware is enabled on arm64.
AUFS was updated to "4.20.4+-20190211" in the process.
As for the sorted entries in the config files - this helps a lot during
rebases to the newer stable kernel branches.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
It was long since obsolete but sometimes difficult to maintain.
Now that the common Ubuntu-like kernels are the main ones in ROSA, one
common flavour of stable-based kernels is enough.
Stable-based kernels are often inferior to Ubuntu-based ones in terms of
stability, performance and hardware support. Now they are only intended for
debugging and experiments with some new features.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
Besides the upstream update, I have disabled building of nrj-laptop
kernels here.
Now that the main kernels used in ROSA are based on the sources from
Ubuntu, the stable-based kernels like this one are mostly intended for
debugging. No need to build nrj-laptop flavour each time. Let us make
things a bit easier for other ABF users at least.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
