Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support for kernel 5.10 #1526

Merged
merged 7 commits into from
Apr 28, 2021
Merged

add support for kernel 5.10 #1526

merged 7 commits into from
Apr 28, 2021

Commits on Apr 28, 2021

  1. rename kernel package to kernel-5.4 

    This allows us to add other kernels to the packages tree.

Signed-off-by: Ben Cressey <[email protected]>
    @bcressey
    bcressey committed Apr 28, 2021
    Configuration menu
    Copy the full SHA
    55d30fa View commit details
    Browse the repository at this point in the history

  2. add kernel 5.10 package 

    Signed-off-by: Ben Cressey <[email protected]>
    @bcressey
    bcressey committed Apr 28, 2021
    Configuration menu
    Copy the full SHA
    e218e79 View commit details
    Browse the repository at this point in the history

  3. move kernel dependency to variant definitions 

    Since we have multiple kernel versions available, variants must now
define the version they want to include.

Signed-off-by: Ben Cressey <[email protected]>
    @bcressey
    bcressey committed Apr 28, 2021
    Configuration menu
    Copy the full SHA
    55f3ad4 View commit details
    Browse the repository at this point in the history

  4. kernel: omit filesystem package dependency 

    The "filesystem" package is an implicit dependency for all packages,
and it's pulled in by release.

Signed-off-by: Ben Cressey <[email protected]>
    @bcressey
    bcressey committed Apr 28, 2021
    Configuration menu
    Copy the full SHA
    45dfb75 View commit details
    Browse the repository at this point in the history

  5. selinux-policy: update for kernel 5.10 

    Enable the new "genfs_seclabel_symlinks" capability to label symlinks
on kernel filesystems in the same way that files and directories are
labeled.

Add the new "perfmon", "bpf", and "checkpoint_restore" actions to the
"capability2" and "cap2_userns" classes. Add the new "perf_event" and
"lockdown" classes and the corresponding actions.

Add the new permissions into the blanket "systems" permission set, so
that we continue to rely on the existing kernel access checks without
adding new SELinux restrictions.

Signed-off-by: Ben Cressey <[email protected]>
    @bcressey
    bcressey committed Apr 28, 2021
    Configuration menu
    Copy the full SHA
    be005b6 View commit details
    Browse the repository at this point in the history

  6. refactor kmod kit creation 

    Now that the installed kernel is a property of the variant, we need
to ensure that the kmod kit includes the development files that match
the chosen kernel.

By creating it as another stage in the variant build, it's easier to
find the right files, and to guarantee that the kmod kit is recreated
whenever the image changes.

Signed-off-by: Ben Cressey <[email protected]>
    @bcressey
    bcressey committed Apr 28, 2021
    Configuration menu
    Copy the full SHA
    e0af06e View commit details
    Browse the repository at this point in the history

  7. release: update sysctl defaults to match AL2 

    In the 5.10 kernel, the settings for `net.ipv4.ip_default_ttl` and
`net.ipv4.tcp_wmem` are no longer applied by patching the kernel.

Add them to sysctl defaults to keep the same values for both kernels.

Signed-off-by: Ben Cressey <[email protected]>
    @bcressey
    bcressey committed Apr 28, 2021
    Configuration menu
    Copy the full SHA
    cfb32fc View commit details
    Browse the repository at this point in the history