Kernel Sources:       sys-kernel/gentoo-sources

Kernel Version:       4.14.4

Last Updated on:      06/12/2017

Update Notice:        1- Added 'CONFIG_X86_5LEVEL' to 'Processor type and features  --->'
                      2- Added 'CONFIG_ORC_UNWINDER' to 'Kernel hacking  --->'
                      3- Excluded swap options (in DOTSLASHLINUX.config only and not in the guides)
                      4- Removed 32-bit support (in DOTSLASHLINUX.config only and not in the guides)
                      5- Switched to EXT4 from XFS (in DOTSLASHLINUX.config only and not in the guides)

Priorities:           1- high performance
                      2- minimal
                      3- low memory footprint
                      4- small size
                      5- power saving
                      6- security
                      7- low-latency

Configuration File:   https://www.dotslashlinux.com/dotfiles/kernel/DOTSLASHLINUX.config

Total Options:        2646 (grep -c 'CONFIG_' DOTSLASHLINUX.config)

Included Options:     741 (grep -c '=y' DOTSLASHLINUX.config)

Excluded Options:     1841 (grep -c 'is not set' DOTSLASHLINUX.config)

Final Size (LZ4):     6,508,496 Bytes

Total Patches:        1 (UKSM-4.14 Patch) (https://github.com/dolohow/uksm/blob/master/uksm-4.14.patch)

Contributors:         Firas Khalil Khana [irc: firas] [email: firasuke@gmail.com]

Side Notes:           1- Options that aren't listed here are excluded [ ].
                      2- These guides provide users with a solid starting setup to build on.
                      3- These guides are constantly being updated.
                      4- If there's something I didn't explain properly or I misexplained
                         then please do let me know either by kindly leaving a comment below
                         or sending me an email on: firasuke@gmail.com
                      5- If you found these guides helpful, then please don't forget to
                         support DOTSLASHLINUX on Patreon:

                            https://www.patreon.com/DOTSLASHLINUX

                         or on PayPal:

                            https://www.paypal.me/DOTSLASHLINUX/5
Part Section Link
1 Intro Click Here
2 [*] Gentoo Linux support ---> Click Here
3 General setup ---> Click Here
4 [*] Enable loadable module support ---> Click Here
5 [*] Enable the block layer ---> Click Here
6 Processor type and features ---> Click Here
7 Power management and ACPI options ---> Click Here
8 Bus options (PCI etc.) ---> Click Here
9 Executable file formats / Emulations ---> Click Here
10 [*] Networking support ---> Click Here
11 Device Drivers ---> Click Here
12 Firmware Drivers ---> Click Here
13 File systems ---> Click Here
14 Kernel hacking ---> Click Here
15 Security options ---> Click Here
16 -*- Cryptographic API ---> Click Here
17 [*] Virtualization ---> Click Here
18 Library routines ---> Click Here

The Linux Kernel Configuration Guide Part 15

kernel15
Firas Khalil Khana | 15/09/2017

While security is important, it isn’t a high priority in this series (although we’ve gone through some options related to security).

You know what they say “There isn’t a 100% secure system”. You have to find the right balance between conveniency, usability and security otherwise you can easily render a system unusable if you beefed security up to an insane level.

I’d recommend (at least as a starting point) that you leave all options in this section excluded (or only include those required by other options).


Default security module (Unix Discretionary Access Controls) —>

Help:       Select the security module that will be used by default if the
            kernel parameter security= is not specified.

(X) Unix Discretionary Access Controls

Symbol:     CONFIG_DEFAULT_SECURITY_DAC

Help:       There is no help available for this option.

Type:       boolean

Choice:     built-in (X)

Reason:     It's highly recommended that you include this option in your kernel
            (that is if it isn't already forcibly included as it's the only
            option available on many systems).

Chinese Translation

One of DOTSLASHLINUX’s followers from china 杨鑫 (Yang Mame), decided to follow up with the series and provide chinese translation of the kernel configuration guides on his blog.

To read this guide in chinese click here.

Leave A Comment

Become a Patron

If you liked the website and wanted to keep it up and running while remaining ads free then kindly consider supporting DOTSLASHLINUX on Patreon.

Patreon

A huge thank you to all DOTSLASHLINUX patrons:

Crosby Smith (1st Patron)

Recommended Distributions

Gentoo Linux Void Linux Arch Linux

Upcoming Articles

  • Best QEMU and KVM Configuration for Windows Guests on Linux Hosts