Kindly support DOTSLASHLINUX on Patreon to keep the website up and running while remaining ads free.

Part Section Link
1 Intro Click Here
2 [∗] Gentoo Linux support ---> Click Here
3 General setup ---> Click Here
4 [∗] Enable loadable module support ---> Click Here
5 [∗] Enable the block layer ---> Click Here
6 Processor type and features ---> Click Here
7 Power management and ACPI options ---> Click Here
8 Bus options (PCI etc.) ---> Click Here
9 Executable file formats / Emulations ---> Click Here
10 [∗] Networking support ---> Click Here
11 Device Drivers ---> Click Here
12 Firmware Drivers ---> Click Here
13 File systems ---> Click Here
14 Kernel hacking ---> Click Here
15 Security options ---> Click Here
16 -∗- Cryptographic API ---> Click Here
17 [∗] Virtualization ---> Click Here
18 Library routines ---> Click Here
Kernel Sources:       sys-kernel/gentoo-sources

Kernel Version:       4.14.12

Last Updated on:      06/01/2018

Update Notice:        1- Excluded 'CONFIG_PAGE_TABLE_ISOLATION' in 'Security options --->'
                      2- Included 'CONFIG_STANDALONE' in 'Device Drivers  --->'
                      3- Included 'CONFIG_PREVENT_FIRMWARE_BUILD' in 'Device Drivers  --->'
                      4- Included 'CONFIG_X86_5LEVEL' in 'Processor type and features  --->'
                      5- Included 'CONFIG_ORC_UNWINDER' in 'Kernel hacking  --->'
                      6- Excluded QEMU-virtualization-related options in favor of VirtualBox
                      7- Excluded swap-related options
                      8- Excluded 32-bit support
                      9- Switched from XFS to EXT4

Priorities:           1- high performance
                      2- minimal
                      3- low memory footprint
                      4- small size
                      5- power saving
                      6- security
                      7- low-latency

Total Options:        2469 (grep -c 'CONFIG_' DOTSLASHLINUX.config)

Included Options:     645 (grep -c '=y' DOTSLASHLINUX.config)

Excluded Options:     1761 (grep -c 'is not set' DOTSLASHLINUX.config)

Final Size (LZ4):     5,644,240 Bytes

Patches Applied:      1- UKSM-4.14 Patch (

Contributors:         Firas Khalil Khana [irc: firas] [email:]

Side Notes:           1- Options that aren't listed here are excluded [ ].
                      2- These guides provide users with a solid starting setup to build on.
                      3- These guides are constantly being updated.
                      4- If there's something I didn't explain properly or I misexplained
                         then please do let me know either by kindly leaving a comment below
                         or by sending me an email on:

The Linux Kernel Configuration Guide Part 15 - Security options --->

Firas Khalil Khana | 15/09/2017

While security is important, it isn’t a high priority in this series (although we’ve gone through some options related to security).

You know what they say “There isn’t a 100% secure system”. You have to find the right balance between conveniency, usability and security otherwise you can easily render a system unusable if you beefed security up to an insane level.

I’d recommend (at least as a starting point) that you leave all options in this section excluded (or only include those required by other options).

Default security module (Unix Discretionary Access Controls) —>

Help:       Select the security module that will be used by default if the
            kernel parameter security= is not specified.

(X) Unix Discretionary Access Controls


Help:       There is no help available for this option.

Type:       boolean

Choice:     built-in (X)

Reason:     It's highly recommended that you include this option in your kernel
            (that is if it isn't already forcibly included as it's the only
            option available on many systems).

Chinese Translation

One of DOTSLASHLINUX followers 杨鑫 (Yang Mame) from China, decided to follow up with the series and provide Chinese translation of the kernel configuration guides on his blog.

To read this guide in Chinese click here.

Leave A Comment