AUFS was updated to "4.20.4+-20190211" in the process.
As for the sorted entries in the config files - this helps a lot during
rebases to the newer stable kernel branches.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>

It was long since obsolete but sometimes difficult to maintain.
Now that the common Ubuntu-like kernels are the main ones in ROSA, one
common flavour of stable-based kernels is enough.
Stable-based kernels are often inferior to Ubuntu-based ones in terms of
stability, performance and hardware support. Now they are only intended for
debugging and experiments with some new features.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>

Besides the upstream update, I have disabled building of nrj-laptop
kernels here.
Now that the main kernels used in ROSA are based on the sources from
Ubuntu, the stable-based kernels like this one are mostly intended for
debugging. No need to build nrj-laptop flavour each time. Let us make
things a bit easier for other ABF users at least.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>

While at it, made the configs a bit closer to those from Ubuntu:
* disabled IDE drivers which are now barely maintained anyway;
* disabled some debugging facilities (verboseness of some drivers,
etc.);
* made some often used modules like vfat, fuse, ata_piix, etc.,
built-in;
* and so forth.

...And set it to 3, which should only allow printing of the messages with
KERN_EMERG, KERN_ALERT and KERN_CRIT levels. This should make the boot
process less noisy.
Can be overridden with the loglevel=n boot option.

1. Got rid of statistics to simplify maintenance. Changing global
kernel structures is not a thing to take lightly.
2. Removed sanitization of pages. Starting from kernel 4.6, page
poisoning should be used instead. To enable it, set page_poison=on in
the boot options for the kernel.
3. The sanitization patch is now applied only if enhanced security is
enabled (disabled by default for ROSA Fresh, enabled for cert. builds).
You can also use "rpmbuild -ba --with enhanced_security <...>" to force
enable the feature.
This helps unify the kernels for the ordinary systems and for the
certified systems a bit more.

SELinux components are built-in but disabled by default. To enable
SELinux, it should be enough to add "selinux=1" to the kernel options
at boot time (or in the bootloader configuration file).
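
The boot options named in the messages above (loglevel=n, page_poison=on, selinux=1) can be checked against a kernel command line. The script below is an added example, not part of these commits or of the ROSA package; the function names `effective_opts` and `hardening_gaps` are hypothetical and the sample command line is constructed. It assumes the defaults stated in the messages, takes the last occurrence of a repeated option, and does not model other options that affect console verbosity.

```shell
#!/bin/sh
# Added example: effective values of loglevel, page_poison and selinux
# for a given kernel command line, using the defaults described above.

# effective_opts "<kernel command line>"
# Prints: loglevel=<n> page_poison=<on|off> selinux=<0|1>
effective_opts() {
    loglevel=3        # default console loglevel set by the package config
    page_poison=off   # page poisoning is off unless requested at boot
    selinux=0         # SELinux is built in but disabled by default
    set -f            # no glob expansion while splitting the command line
    # Parameters are handled left to right, so a later value overrides an earlier one.
    for word in $1; do
        case "$word" in
            loglevel=[0-9])  loglevel=${word#loglevel=} ;;
            page_poison=on)  page_poison=on ;;
            page_poison=off) page_poison=off ;;
            selinux=1)       selinux=1 ;;
            selinux=0)       selinux=0 ;;
        esac
    done
    set +f
    printf 'loglevel=%s page_poison=%s selinux=%s\n' "$loglevel" "$page_poison" "$selinux"
}

# hardening_gaps "<kernel command line>"
# Lists the opt-in protections that are not enabled; returns 1 if any are missing.
hardening_gaps() {
    eff=$(effective_opts "$1")
    gaps=""
    case "$eff" in *page_poison=off*) gaps="$gaps page_poison" ;; esac
    case "$eff" in *selinux=0*)       gaps="$gaps selinux" ;; esac
    [ -z "$gaps" ] && return 0
    echo "not enabled:$gaps"
    return 1
}

# Constructed sample command line; on a live system pass "$(cat /proc/cmdline)".
effective_opts "BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro loglevel=7 page_poison=on loglevel=4"
```
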