##// END OF EJS Templates
.,.
Unknown -
r351:c1f79aebdb86
parent child
Show More
@@ -330,7 +330,7 With this parameter set to true the script expects the existing kernel sources d
330 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
330 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
331
331
332 ##### `KERNEL_NF`=false
332 ##### `KERNEL_NF`=false
333 Enable Netfilter modules as kernel modules (systemd compilations about it (File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls)
333 Enable Netfilter modules as kernel modules
334
334
335 ##### `KERNEL_VIRT`=false
335 ##### `KERNEL_VIRT`=false
336 Enable Kernel KVM support (/dev/kvm)
336 Enable Kernel KVM support (/dev/kvm)
@@ -338,8 +338,8 Enable Kernel KVM support (/dev/kvm)
338 ##### `KERNEL_ZSWAP`=false
338 ##### `KERNEL_ZSWAP`=false
339 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
339 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
340
340
341
341 ##### `KERNEL_BPF`=true
342
342 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
343
343
344 ---
344 ---
345
345
@@ -111,10 +111,9 if [ "$BUILD_KERNEL" = true ] ; then
111 set_kernel_config VHOST_NET m
111 set_kernel_config VHOST_NET m
112 set_kernel_config VHOST_CROSS_ENDIAN_LEGACY y
112 set_kernel_config VHOST_CROSS_ENDIAN_LEGACY y
113 fi
113 fi
114
115 if [ "$KERNEL_NF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
116 #See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
114 #See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
117 # Netfilter kernel support
115 # Netfilter kernel support
116 if [ "$KERNEL_NF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
118 # xtables
117 # xtables
119 set_kernel_config NETFILTER_XTABLES m
118 set_kernel_config NETFILTER_XTABLES m
120 # Netfilter nf_tables support
119 # Netfilter nf_tables support
@@ -213,6 +212,14 if [ "$BUILD_KERNEL" = true ] ; then
213 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
212 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
214 fi
213 fi
215
214
215 #https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
216 #https://github.com/torvalds/linux/blob/master/init/Kconfig#L848
217 # Enables BPF syscall for systemd-journald
218 if [ "$KERNEL_BPF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
219 set_kernel_config CONFIG_BPF_SYSCALL y
220 set_kernel_config CONFIG_CGROUP_BPF y
221 fi
222
216 popd
223 popd
217
224
218 if [ "$KERNELSRC_CONFIG" = true ] ; then
225 if [ "$KERNELSRC_CONFIG" = true ] ; then
@@ -172,8 +172,9 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
172 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
172 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
173 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
173 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
174 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
174 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
175 KERNEL_ZSWAP=${KERNEL_ZSWAP:=true}
175 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
176 KERNEL_VIRT=${KERNEL_VIRT:=true}
176 KERNEL_VIRT=${KERNEL_VIRT:=false}
177 KERNEL_BPF${KERNEL_BPF:=true}
177
178
178 # Kernel compilation from source directory settings
179 # Kernel compilation from source directory settings
179 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
180 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant