@@ -1,6 +1,7 @@
CONFIG_SYSVIPC=y
CONFIG_POSIX_MQUEUE=y
CONFIG_AUDIT=y
+CONFIG_DUMMY=m
CONFIG_NO_HZ_IDLE=y
CONFIG_HIGH_RES_TIMERS=y
CONFIG_BPF_SYSCALL=y
@@ -16,7 +17,9 @@ CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_NUMA_BALANCING=y
CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
CONFIG_BLK_CGROUP=y
+CONFIG_CFS_BANDWIDTH=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_HUGETLB=y
@@ -28,6 +31,7 @@ CONFIG_CGROUP_BPF=y
CONFIG_USER_NS=y
CONFIG_SCHED_AUTOGROUP=y
CONFIG_BLK_DEV_INITRD=y
+CONFIG_BLK_DEV_THROTTLING=y
CONFIG_KALLSYMS_ALL=y
CONFIG_PROFILING=y
CONFIG_KEXEC=y
@@ -135,22 +139,33 @@ CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
CONFIG_IP_PNP_BOOTP=y
CONFIG_IPV6=m
+CONFIG_IPVLAN=m
CONFIG_NETFILTER=y
CONFIG_BRIDGE_NETFILTER=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_EVENTS=y
+CONFIG_NF_NAT_FTP=m
+CONFIG_NF_NAT_TFTP=m
+CONFIG_NF_CONNTRACK_FTP=m
+CONFIG_NF_CONNTRACK_TFTP=m
CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_IPVS=m
+CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_IP_VS=m
+CONFIG_IP_VS_PROTO_TCP=y
+CONFIG_IP_VS_PROTO_UDP=y
+CONFIG_IP_VS_RR=m
+CONFIG_IP_VS_NFCT=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
+CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_FILTER=m
@@ -171,6 +186,7 @@ CONFIG_NET_SCH_TAPRIO=m
CONFIG_NET_SCH_MQPRIO=m
CONFIG_NET_SCH_INGRESS=m
CONFIG_NET_CLS_BASIC=m
+CONFIG_NET_CLS_CGROUP=m
CONFIG_NET_CLS_ROUTE4=m
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
@@ -198,6 +214,7 @@ CONFIG_NET_ACT_GATE=m
CONFIG_HSR=m
CONFIG_QRTR_SMD=m
CONFIG_QRTR_TUN=m
+CONFIG_CGROUP_NET_PRIO=y
CONFIG_CAN=m
CONFIG_BT=m
CONFIG_BT_HIDP=m
@@ -1573,7 +1590,12 @@ CONFIG_HTE_TEGRA194=y
CONFIG_HTE_TEGRA194_TEST=m
CONFIG_EXT2_FS=y
CONFIG_EXT3_FS=y
+CONFIG_EXT3_FS_XATTR=y
+CONFIG_EXT3_FS_POSIX_ACL=y
+CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT4_FS_POSIX_ACL=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_VXLAN=m
CONFIG_BTRFS_FS=m
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_FANOTIFY=y
@@ -1598,6 +1620,8 @@ CONFIG_9P_FS=y
CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_ISO8859_1=y
CONFIG_SECURITY=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_APPARMOR=y
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_TEST=m
CONFIG_CRYPTO_ECHAINIV=y
@@ -1628,6 +1652,11 @@ CONFIG_CRYPTO_DEV_HISI_HPRE=m
CONFIG_CRYPTO_DEV_HISI_TRNG=m
CONFIG_CRYPTO_DEV_SA2UL=m
CONFIG_CRYPTO_DEV_TI_MCRC64=m
+CONFIG_CRYPTO_SEQIV=m
+CONFIG_XFRM=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_ALGO=y
+CONFIG_INET_ESP=y
CONFIG_DMA_RESTRICTED_POOL=y
CONFIG_CMA_SIZE_MBYTES=32
CONFIG_PRINTK_TIME=y
Docker requires a list of config options to be enabled in the kernel. This list is generated by the script at [1]. The list has "mandatory" configs and "optional" ones. The mandatory ones are already enabled, so Docker works well with some images. But many of the optional ones, particularly security and network configs, aren't enabled. So enable those so that Docker can pull and run all valid images. The configs generated are listed below. Generally Necessary ... - CONFIG_MEMCG_SWAP: enabled - CONFIG_BLK_DEV_THROTTLING: enabled - CONFIG_NET_CLS_CGROUP: enabled (as module) - CONFIG_CGROUP_NET_PRIO: enabled - CONFIG_CFS_BANDWIDTH: enabled - CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module) - CONFIG_IP_VS_NFCT: enabled - CONFIG_IP_VS_PROTO_TCP: enabled - CONFIG_IP_VS_PROTO_UDP: enabled - CONFIG_IP_VS_RR: enabled (as module) - CONFIG_SECURITY_SELINUX: enabled - CONFIG_SECURITY_APPARMOR: enabled - CONFIG_EXT3_FS_XATTR: enabled - CONFIG_EXT3_FS_POSIX_ACL: enabled - CONFIG_EXT3_FS_SECURITY: enabled - CONFIG_EXT4_FS_SECURITY: enabled - CONFIG_VXLAN: enabled (as module) - CONFIG_CRYPTO_SEQIV: enabled (as module) - CONFIG_XFRM: enabled - CONFIG_XFRM_USER: enabled - CONFIG_XFRM_ALGO: enabled - CONFIG_INET_ESP: enabled - CONFIG_NETFILTER_XT_MATCH_BPF: enabled (as module) - CONFIG_IPVLAN: enabled (as module) - CONFIG_DUMMY: enabled (as module) - CONFIG_NF_NAT_FTP: enabled (as module) - CONFIG_NF_CONNTRACK_FTP: enabled (as module) - CONFIG_NF_NAT_TFTP: enabled (as module) - CONFIG_NF_CONNTRACK_TFTP: enabled (as module) ... [1] https://github.com/moby/moby/blob/25.0/contrib/check-config.sh Signed-off-by: Suhaas Joshi <s-joshi@ti.com> --- arch/arm64/configs/defconfig | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+)