@@ -6,14 +6,14 @@ config MODULE_SIG_KEY
default "certs/signing_key.pem"
depends on MODULE_SIG
help
- Provide the file name of a private key/certificate in PEM format,
- or a PKCS#11 URI according to RFC7512. The file should contain, or
- the URI should identify, both the certificate and its corresponding
- private key.
+ Provide the file name of a private key/certificate in PEM format,
+ or a PKCS#11 URI according to RFC7512. The file should contain, or
+ the URI should identify, both the certificate and its corresponding
+ private key.
- If this option is unchanged from its default "certs/signing_key.pem",
- then the kernel will automatically generate the private key and
- certificate as described in Documentation/admin-guide/module-signing.rst
+ If this option is unchanged from its default "certs/signing_key.pem",
+ then the kernel will automatically generate the private key and
+ certificate as described in Documentation/admin-guide/module-signing.rst
config SYSTEM_TRUSTED_KEYRING
bool "Provide system-wide ring of trusted keys"
@@ -169,10 +169,10 @@ config BUILD_SALT
string "Build ID Salt"
default ""
help
- The build ID is used to link binaries and their debug info. Setting
- this option will use the value in the calculation of the build id.
- This is mostly useful for distributions which want to ensure the
- build is unique between builds. It's safe to leave the default.
+ The build ID is used to link binaries and their debug info. Setting
+ this option will use the value in the calculation of the build id.
+ This is mostly useful for distributions which want to ensure the
+ build is unique between builds. It's safe to leave the default.
config HAVE_KERNEL_GZIP
bool
@@ -1327,9 +1327,9 @@ menuconfig EXPERT
select DEBUG_KERNEL
help
This option allows certain base kernel options and settings
- to be disabled or tweaked. This is for specialized
- environments which can tolerate a "non-standard" kernel.
- Only use this if you really know what you are doing.
+ to be disabled or tweaked. This is for specialized
+ environments which can tolerate a "non-standard" kernel.
+ Only use this if you really know what you are doing.
config UID16
bool "Enable 16-bit UID system calls" if EXPERT
@@ -1439,11 +1439,11 @@ config BUG
bool "BUG() support" if EXPERT
default y
help
- Disabling this option eliminates support for BUG and WARN, reducing
- the size of your kernel image and potentially quietly ignoring
- numerous fatal conditions. You should only consider disabling this
- option for embedded systems with no facilities for reporting errors.
- Just say Y.
+ Disabling this option eliminates support for BUG and WARN, reducing
+ the size of your kernel image and potentially quietly ignoring
+ numerous fatal conditions. You should only consider disabling this
+ option for embedded systems with no facilities for reporting errors.
+ Just say Y.
config ELF_CORE
depends on COREDUMP
@@ -1459,8 +1459,8 @@ config PCSPKR_PLATFORM
select I8253_LOCK
default y
help
- This option allows to disable the internal PC-Speaker
- support, saving some memory.
+ This option allows to disable the internal PC-Speaker
+ support, saving some memory.
config BASE_FULL
default y
@@ -76,7 +76,7 @@ config FTRACE_NMI_ENTER
config EVENT_TRACING
select CONTEXT_SWITCH_TRACER
- select GLOB
+ select GLOB
bool
config CONTEXT_SWITCH_TRACER
@@ -308,7 +308,7 @@ config TRACER_SNAPSHOT
cat snapshot
config TRACER_SNAPSHOT_PER_CPU_SWAP
- bool "Allow snapshot to swap per CPU"
+ bool "Allow snapshot to swap per CPU"
depends on TRACER_SNAPSHOT
select RING_BUFFER_ALLOW_SWAP
help
@@ -675,7 +675,7 @@ config MMIOTRACE_TEST
Say N, unless you absolutely know what you are doing.
config TRACEPOINT_BENCHMARK
- bool "Add tracepoint that benchmarks tracepoints"
+ bool "Add tracepoint that benchmarks tracepoints"
help
This option creates the tracepoint "benchmark:benchmark_event".
When the tracepoint is enabled, it kicks off a kernel thread that
@@ -724,7 +724,7 @@ config RING_BUFFER_STARTUP_TEST
bool "Ring buffer startup self test"
depends on RING_BUFFER
help
- Run a simple self test on the ring buffer on boot up. Late in the
+ Run a simple self test on the ring buffer on boot up. Late in the
kernel boot sequence, the test will start that kicks off
a thread per cpu. Each thread will write various size events
into the ring buffer. Another thread is created to send IPIs
@@ -573,7 +573,7 @@ config OID_REGISTRY
Enable fast lookup object identifier registry.
config UCS2_STRING
- tristate
+ tristate
#
# generic vdso
@@ -128,8 +128,8 @@ config DYNAMIC_DEBUG
lineno : line number of the debug statement
module : module that contains the debug statement
function : function that contains the debug statement
- flags : '=p' means the line is turned 'on' for printing
- format : the format used for the debug statement
+ flags : '=p' means the line is turned 'on' for printing
+ format : the format used for the debug statement
From a live system:
@@ -172,7 +172,7 @@ config DEBUG_INFO
bool "Compile the kernel with debug info"
depends on DEBUG_KERNEL && !COMPILE_TEST
help
- If you say Y here the resulting kernel image will include
+ If you say Y here the resulting kernel image will include
debugging info resulting in a larger kernel image.
This adds debug symbols to the kernel and modules (gcc -g), and
is needed if you intend to use kernel crashdump or binary object
@@ -269,13 +269,13 @@ config STRIP_ASM_SYMS
get_wchan() and suchlike.
config READABLE_ASM
- bool "Generate readable assembler code"
- depends on DEBUG_KERNEL
- help
- Disable some compiler optimizations that tend to generate human unreadable
- assembler output. This may make the kernel slightly slower, but it helps
- to keep kernel developers who have to stare a lot at assembler listings
- sane.
+ bool "Generate readable assembler code"
+ depends on DEBUG_KERNEL
+ help
+ Disable some compiler optimizations that tend to generate human unreadable
+ assembler output. This may make the kernel slightly slower, but it helps
+ to keep kernel developers who have to stare a lot at assembler listings
+ sane.
config DEBUG_FS
bool "Debug Filesystem"
@@ -508,11 +508,11 @@ config DEBUG_OBJECTS_PERCPU_COUNTER
config DEBUG_OBJECTS_ENABLE_DEFAULT
int "debug_objects bootup default value (0-1)"
- range 0 1
- default "1"
- depends on DEBUG_OBJECTS
- help
- Debug objects boot parameter default value
+ range 0 1
+ default "1"
+ depends on DEBUG_OBJECTS
+ help
+ Debug objects boot parameter default value
config DEBUG_SLAB
bool "Debug slab memory allocations"
@@ -631,7 +631,7 @@ config DEBUG_VM
depends on DEBUG_KERNEL
help
Enable this to turn on extended checks in the virtual-memory system
- that may impact performance.
+ that may impact performance.
If unsure, say N.
@@ -1421,7 +1421,7 @@ config DEBUG_WQ_FORCE_RR_CPU
be impacted.
config DEBUG_BLOCK_EXT_DEVT
- bool "Force extended block device numbers and spread them"
+ bool "Force extended block device numbers and spread them"
depends on DEBUG_KERNEL
depends on BLOCK
default n
@@ -2142,7 +2142,7 @@ config DEBUG_AID_FOR_SYZBOT
bool "Additional debug code for syzbot"
default n
help
- This option is intended for testing by syzbot.
+ This option is intended for testing by syzbot.
source "arch/$(SRCARCH)/Kconfig.debug"
@@ -64,9 +64,9 @@ config KGDB_LOW_LEVEL_TRAP
depends on X86 || MIPS
default n
help
- This will add an extra call back to kgdb for the breakpoint
- exception handler which will allow kgdb to step through a
- notify handler.
+ This will add an extra call back to kgdb for the breakpoint
+ exception handler which will allow kgdb to step through a
+ notify handler.
config KGDB_KDB
bool "KGDB_KDB: include kdb frontend for kgdb"
@@ -96,7 +96,7 @@ config KDB_DEFAULT_ENABLE
The config option merely sets the default at boot time. Both
issuing 'echo X > /sys/module/kdb/parameters/cmd_enable' or
- setting with kdb.cmd_enable=X kernel command line option will
+ setting with kdb.cmd_enable=X kernel command line option will
override the default settings.
config KDB_KEYBOARD
@@ -160,9 +160,9 @@ config MEMORY_HOTPLUG_SPARSE
depends on SPARSEMEM && MEMORY_HOTPLUG
config MEMORY_HOTPLUG_DEFAULT_ONLINE
- bool "Online the newly added memory blocks by default"
- depends on MEMORY_HOTPLUG
- help
+ bool "Online the newly added memory blocks by default"
+ depends on MEMORY_HOTPLUG
+ help
This option sets the default policy setting for memory hotplug
onlining policy (/sys/devices/system/memory/auto_online_blocks) which
determines what happens to newly added memory regions. Policy setting
@@ -227,14 +227,14 @@ config COMPACTION
select MIGRATION
depends on MMU
help
- Compaction is the only memory management component to form
- high order (larger physically contiguous) memory blocks
- reliably. The page allocator relies on compaction heavily and
- the lack of the feature can lead to unexpected OOM killer
- invocations for high order memory requests. You shouldn't
- disable this option unless there really is a strong reason for
- it and then we would be really interested to hear about that at
- linux-mm@kvack.org.
+ Compaction is the only memory management component to form
+ high order (larger physically contiguous) memory blocks
+ reliably. The page allocator relies on compaction heavily and
+ the lack of the feature can lead to unexpected OOM killer
+ invocations for high order memory requests. You shouldn't
+ disable this option unless there really is a strong reason for
+ it and then we would be really interested to hear about that at
+ linux-mm@kvack.org.
#
# support for page migration
@@ -301,10 +301,10 @@ config KSM
root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set).
config DEFAULT_MMAP_MIN_ADDR
- int "Low address space to protect from user allocation"
+ int "Low address space to protect from user allocation"
depends on MMU
- default 4096
- help
+ default 4096
+ help
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
@@ -13,7 +13,7 @@ config SAMPLE_TRACE_EVENTS
This build trace event example modules.
config SAMPLE_TRACE_PRINTK
- tristate "Build trace_printk module - tests various trace_printk formats"
+ tristate "Build trace_printk module - tests various trace_printk formats"
depends on EVENT_TRACING && m
help
This builds a module that calls trace_printk() and can be used to
@@ -32,7 +32,7 @@ config SECURITY_APPARMOR_HASH_DEFAULT
depends on SECURITY_APPARMOR_HASH
default y
help
- This option selects whether sha1 hashing of loaded policy
+ This option selects whether sha1 hashing of loaded policy
is enabled by default. The generation of sha1 hashes for
loaded policy provide system administrators a quick way
to verify that policy in the kernel matches what is expected,
@@ -34,10 +34,10 @@ config INTEGRITY_ASYMMETRIC_KEYS
bool "Enable asymmetric keys support"
depends on INTEGRITY_SIGNATURE
default n
- select ASYMMETRIC_KEY_TYPE
- select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- select CRYPTO_RSA
- select X509_CERTIFICATE_PARSER
+ select ASYMMETRIC_KEY_TYPE
+ select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select CRYPTO_RSA
+ select X509_CERTIFICATE_PARSER
help
This option enables digital signature verification using
asymmetric keys.
@@ -53,14 +53,14 @@ config INTEGRITY_TRUSTED_KEYRING
keyring.
config INTEGRITY_PLATFORM_KEYRING
- bool "Provide keyring for platform/firmware trusted keys"
- depends on INTEGRITY_ASYMMETRIC_KEYS
- depends on SYSTEM_BLACKLIST_KEYRING
- help
- Provide a separate, distinct keyring for platform trusted keys, which
- the kernel automatically populates during initialization from values
- provided by the platform for verifying the kexec'ed kerned image
- and, possibly, the initramfs signature.
+ bool "Provide keyring for platform/firmware trusted keys"
+ depends on INTEGRITY_ASYMMETRIC_KEYS
+ depends on SYSTEM_BLACKLIST_KEYRING
+ help
+ Provide a separate, distinct keyring for platform trusted keys, which
+ the kernel automatically populates during initialization from values
+ provided by the platform for verifying the kexec'ed kerned image
+ and, possibly, the initramfs signature.
config LOAD_UEFI_KEYS
depends on INTEGRITY_PLATFORM_KEYRING
@@ -159,13 +159,13 @@ config IMA_APPRAISE
If unsure, say N.
config IMA_ARCH_POLICY
- bool "Enable loading an IMA architecture specific policy"
- depends on (KEXEC_SIG && IMA) || IMA_APPRAISE \
+ bool "Enable loading an IMA architecture specific policy"
+ depends on (KEXEC_SIG && IMA) || IMA_APPRAISE \
&& INTEGRITY_ASYMMETRIC_KEYS
- default n
- help
- This option enables loading an IMA architecture specific policy
- based on run time secure boot flags.
+ default n
+ help
+ This option enables loading an IMA architecture specific policy
+ based on run time secure boot flags.
config IMA_APPRAISE_BUILD_POLICY
bool "IMA build time configured policy rules"
@@ -1,15 +1,15 @@
# SPDX-License-Identifier: GPL-2.0-only
config SECURITY_SAFESETID
- bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities"
- depends on SECURITY
- select SECURITYFS
- default n
- help
- SafeSetID is an LSM module that gates the setid family of syscalls to
- restrict UID/GID transitions from a given UID/GID to only those
- approved by a system-wide whitelist. These restrictions also prohibit
- the given UIDs/GIDs from obtaining auxiliary privileges associated
- with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
- UID mappings.
+ bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities"
+ depends on SECURITY
+ select SECURITYFS
+ default n
+ help
+ SafeSetID is an LSM module that gates the setid family of syscalls to
+ restrict UID/GID transitions from a given UID/GID to only those
+ approved by a system-wide whitelist. These restrictions also prohibit
+ the given UIDs/GIDs from obtaining auxiliary privileges associated
+ with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
+ UID mappings.
- If you are unsure how to answer this question, answer N.
+ If you are unsure how to answer this question, answer N.
Adjust indentation from spaces to tab (+optional two spaces) as in coding style with command like: $ sed -e 's/^ /\t/' -i */Kconfig Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> --- certs/Kconfig | 14 ++++++------- init/Kconfig | 28 +++++++++++++------------- kernel/trace/Kconfig | 8 ++++---- lib/Kconfig | 2 +- lib/Kconfig.debug | 36 +++++++++++++++++----------------- lib/Kconfig.kgdb | 8 ++++---- mm/Kconfig | 28 +++++++++++++------------- samples/Kconfig | 2 +- security/apparmor/Kconfig | 2 +- security/integrity/Kconfig | 24 +++++++++++------------ security/integrity/ima/Kconfig | 12 ++++++------ security/safesetid/Kconfig | 24 +++++++++++------------ 12 files changed, 94 insertions(+), 94 deletions(-)