diff mbox series

[6.6] arm64: configs: Enable additional docker configs

Message ID 20241028045340.1079402-1-s-joshi@ti.com (mailing list archive)
State New
Headers show
Series [6.6] arm64: configs: Enable additional docker configs | expand

Commit Message

Suhaas Joshi Oct. 28, 2024, 4:53 a.m. UTC
Docker requires a list of config options to be enabled in the kernel.
This list is generated by the script at [1]. The list has "mandatory"
configs and "optional" ones. The mandatory ones are already enabled, so
Docker works well with some images. But many of the optional ones,
particularly security and network configs, aren't enabled. So
enable those so that Docker can pull and run all valid images.

The configs generated are listed below.

Generally Necessary
...
- CONFIG_MEMCG_SWAP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_NET_CLS_CGROUP: enabled (as module)
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_PROTO_TCP: enabled
- CONFIG_IP_VS_PROTO_UDP: enabled
- CONFIG_IP_VS_RR: enabled (as module)
- CONFIG_SECURITY_SELINUX: enabled
- CONFIG_SECURITY_APPARMOR: enabled
- CONFIG_EXT3_FS_XATTR: enabled
- CONFIG_EXT3_FS_POSIX_ACL: enabled
- CONFIG_EXT3_FS_SECURITY: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- CONFIG_VXLAN: enabled (as module)
- CONFIG_CRYPTO_SEQIV: enabled (as module)
- CONFIG_XFRM: enabled
- CONFIG_XFRM_USER: enabled
- CONFIG_XFRM_ALGO: enabled
- CONFIG_INET_ESP: enabled
- CONFIG_NETFILTER_XT_MATCH_BPF: enabled (as module)
- CONFIG_IPVLAN: enabled (as module)
- CONFIG_DUMMY: enabled (as module)
- CONFIG_NF_NAT_FTP: enabled (as module)
- CONFIG_NF_CONNTRACK_FTP: enabled (as module)
- CONFIG_NF_NAT_TFTP: enabled (as module)
- CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
...

[1] https://github.com/moby/moby/blob/25.0/contrib/check-config.sh

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
 arch/arm64/configs/defconfig | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

Comments

Suhaas Joshi Oct. 28, 2024, 3:22 p.m. UTC | #1
Hi all,

This patch is a mistake. Please disregard it. I will send a new patch
across the latest baseline, with a better commit message.

Thanks
Suhaas

On 10:23-20241028, Suhaas Joshi wrote:
> Docker requires a list of config options to be enabled in the kernel.
> This list is generated by the script at [1]. The list has "mandatory"
> configs and "optional" ones. The mandatory ones are already enabled, so
> Docker works well with some images. But many of the optional ones,
> particularly security and network configs, aren't enabled. So
> enable those so that Docker can pull and run all valid images.
> 
> The configs generated are listed below.
> 
> Generally Necessary
> ...
> - CONFIG_MEMCG_SWAP: enabled
> - CONFIG_BLK_DEV_THROTTLING: enabled
> - CONFIG_NET_CLS_CGROUP: enabled (as module)
> - CONFIG_CGROUP_NET_PRIO: enabled
> - CONFIG_CFS_BANDWIDTH: enabled
> - CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
> - CONFIG_IP_VS_NFCT: enabled
> - CONFIG_IP_VS_PROTO_TCP: enabled
> - CONFIG_IP_VS_PROTO_UDP: enabled
> - CONFIG_IP_VS_RR: enabled (as module)
> - CONFIG_SECURITY_SELINUX: enabled
> - CONFIG_SECURITY_APPARMOR: enabled
> - CONFIG_EXT3_FS_XATTR: enabled
> - CONFIG_EXT3_FS_POSIX_ACL: enabled
> - CONFIG_EXT3_FS_SECURITY: enabled
> - CONFIG_EXT4_FS_SECURITY: enabled
> - CONFIG_VXLAN: enabled (as module)
> - CONFIG_CRYPTO_SEQIV: enabled (as module)
> - CONFIG_XFRM: enabled
> - CONFIG_XFRM_USER: enabled
> - CONFIG_XFRM_ALGO: enabled
> - CONFIG_INET_ESP: enabled
> - CONFIG_NETFILTER_XT_MATCH_BPF: enabled (as module)
> - CONFIG_IPVLAN: enabled (as module)
> - CONFIG_DUMMY: enabled (as module)
> - CONFIG_NF_NAT_FTP: enabled (as module)
> - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
> - CONFIG_NF_NAT_TFTP: enabled (as module)
> - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
> ...
> 
> [1] https://github.com/moby/moby/blob/25.0/contrib/check-config.sh
> 
> Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
> ---
>  arch/arm64/configs/defconfig | 29 +++++++++++++++++++++++++++++
>  1 file changed, 29 insertions(+)
> 
> diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
> index 7ffb46b74ae5..c37f18bddd38 100644
> --- a/arch/arm64/configs/defconfig
> +++ b/arch/arm64/configs/defconfig
> @@ -1,6 +1,7 @@
>  CONFIG_SYSVIPC=y
>  CONFIG_POSIX_MQUEUE=y
>  CONFIG_AUDIT=y
> +CONFIG_DUMMY=m
>  CONFIG_NO_HZ_IDLE=y
>  CONFIG_HIGH_RES_TIMERS=y
>  CONFIG_BPF_SYSCALL=y
> @@ -16,7 +17,9 @@ CONFIG_IKCONFIG=y
>  CONFIG_IKCONFIG_PROC=y
>  CONFIG_NUMA_BALANCING=y
>  CONFIG_MEMCG=y
> +CONFIG_MEMCG_SWAP=y
>  CONFIG_BLK_CGROUP=y
> +CONFIG_CFS_BANDWIDTH=y
>  CONFIG_CGROUP_PIDS=y
>  CONFIG_CGROUP_FREEZER=y
>  CONFIG_CGROUP_HUGETLB=y
> @@ -28,6 +31,7 @@ CONFIG_CGROUP_BPF=y
>  CONFIG_USER_NS=y
>  CONFIG_SCHED_AUTOGROUP=y
>  CONFIG_BLK_DEV_INITRD=y
> +CONFIG_BLK_DEV_THROTTLING=y
>  CONFIG_KALLSYMS_ALL=y
>  CONFIG_PROFILING=y
>  CONFIG_KEXEC=y
> @@ -135,22 +139,33 @@ CONFIG_IP_PNP=y
>  CONFIG_IP_PNP_DHCP=y
>  CONFIG_IP_PNP_BOOTP=y
>  CONFIG_IPV6=m
> +CONFIG_IPVLAN=m
>  CONFIG_NETFILTER=y
>  CONFIG_BRIDGE_NETFILTER=m
>  CONFIG_NF_CONNTRACK=m
>  CONFIG_NF_CONNTRACK_EVENTS=y
> +CONFIG_NF_NAT_FTP=m
> +CONFIG_NF_NAT_TFTP=m
> +CONFIG_NF_CONNTRACK_FTP=m
> +CONFIG_NF_CONNTRACK_TFTP=m
>  CONFIG_NETFILTER_XT_MARK=m
>  CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
>  CONFIG_NETFILTER_XT_TARGET_LOG=m
>  CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
>  CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
>  CONFIG_NETFILTER_XT_MATCH_IPVS=m
> +CONFIG_NETFILTER_XT_MATCH_BPF=m
>  CONFIG_IP_VS=m
> +CONFIG_IP_VS_PROTO_TCP=y
> +CONFIG_IP_VS_PROTO_UDP=y
> +CONFIG_IP_VS_RR=m
> +CONFIG_IP_VS_NFCT=y
>  CONFIG_IP_NF_IPTABLES=m
>  CONFIG_IP_NF_FILTER=m
>  CONFIG_IP_NF_TARGET_REJECT=m
>  CONFIG_IP_NF_NAT=m
>  CONFIG_IP_NF_TARGET_MASQUERADE=m
> +CONFIG_IP_NF_TARGET_REDIRECT=m
>  CONFIG_IP_NF_MANGLE=m
>  CONFIG_IP6_NF_IPTABLES=m
>  CONFIG_IP6_NF_FILTER=m
> @@ -171,6 +186,7 @@ CONFIG_NET_SCH_TAPRIO=m
>  CONFIG_NET_SCH_MQPRIO=m
>  CONFIG_NET_SCH_INGRESS=m
>  CONFIG_NET_CLS_BASIC=m
> +CONFIG_NET_CLS_CGROUP=m
>  CONFIG_NET_CLS_ROUTE4=m
>  CONFIG_NET_CLS_FW=m
>  CONFIG_NET_CLS_U32=m
> @@ -198,6 +214,7 @@ CONFIG_NET_ACT_GATE=m
>  CONFIG_HSR=m
>  CONFIG_QRTR_SMD=m
>  CONFIG_QRTR_TUN=m
> +CONFIG_CGROUP_NET_PRIO=y
>  CONFIG_CAN=m
>  CONFIG_BT=m
>  CONFIG_BT_HIDP=m
> @@ -1573,7 +1590,12 @@ CONFIG_HTE_TEGRA194=y
>  CONFIG_HTE_TEGRA194_TEST=m
>  CONFIG_EXT2_FS=y
>  CONFIG_EXT3_FS=y
> +CONFIG_EXT3_FS_XATTR=y
> +CONFIG_EXT3_FS_POSIX_ACL=y
> +CONFIG_EXT3_FS_SECURITY=y
>  CONFIG_EXT4_FS_POSIX_ACL=y
> +CONFIG_EXT4_FS_SECURITY=y
> +CONFIG_VXLAN=m
>  CONFIG_BTRFS_FS=m
>  CONFIG_BTRFS_FS_POSIX_ACL=y
>  CONFIG_FANOTIFY=y
> @@ -1598,6 +1620,8 @@ CONFIG_9P_FS=y
>  CONFIG_NLS_CODEPAGE_437=y
>  CONFIG_NLS_ISO8859_1=y
>  CONFIG_SECURITY=y
> +CONFIG_SECURITY_SELINUX=y
> +CONFIG_SECURITY_APPARMOR=y
>  CONFIG_CRYPTO_USER=y
>  CONFIG_CRYPTO_TEST=m
>  CONFIG_CRYPTO_ECHAINIV=y
> @@ -1628,6 +1652,11 @@ CONFIG_CRYPTO_DEV_HISI_HPRE=m
>  CONFIG_CRYPTO_DEV_HISI_TRNG=m
>  CONFIG_CRYPTO_DEV_SA2UL=m
>  CONFIG_CRYPTO_DEV_TI_MCRC64=m
> +CONFIG_CRYPTO_SEQIV=m
> +CONFIG_XFRM=y
> +CONFIG_XFRM_USER=y
> +CONFIG_XFRM_ALGO=y
> +CONFIG_INET_ESP=y
>  CONFIG_DMA_RESTRICTED_POOL=y
>  CONFIG_CMA_SIZE_MBYTES=32
>  CONFIG_PRINTK_TIME=y
> -- 
> 2.40.0
>
diff mbox series

Patch

diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
index 7ffb46b74ae5..c37f18bddd38 100644
--- a/arch/arm64/configs/defconfig
+++ b/arch/arm64/configs/defconfig
@@ -1,6 +1,7 @@ 
 CONFIG_SYSVIPC=y
 CONFIG_POSIX_MQUEUE=y
 CONFIG_AUDIT=y
+CONFIG_DUMMY=m
 CONFIG_NO_HZ_IDLE=y
 CONFIG_HIGH_RES_TIMERS=y
 CONFIG_BPF_SYSCALL=y
@@ -16,7 +17,9 @@  CONFIG_IKCONFIG=y
 CONFIG_IKCONFIG_PROC=y
 CONFIG_NUMA_BALANCING=y
 CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
 CONFIG_BLK_CGROUP=y
+CONFIG_CFS_BANDWIDTH=y
 CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_FREEZER=y
 CONFIG_CGROUP_HUGETLB=y
@@ -28,6 +31,7 @@  CONFIG_CGROUP_BPF=y
 CONFIG_USER_NS=y
 CONFIG_SCHED_AUTOGROUP=y
 CONFIG_BLK_DEV_INITRD=y
+CONFIG_BLK_DEV_THROTTLING=y
 CONFIG_KALLSYMS_ALL=y
 CONFIG_PROFILING=y
 CONFIG_KEXEC=y
@@ -135,22 +139,33 @@  CONFIG_IP_PNP=y
 CONFIG_IP_PNP_DHCP=y
 CONFIG_IP_PNP_BOOTP=y
 CONFIG_IPV6=m
+CONFIG_IPVLAN=m
 CONFIG_NETFILTER=y
 CONFIG_BRIDGE_NETFILTER=m
 CONFIG_NF_CONNTRACK=m
 CONFIG_NF_CONNTRACK_EVENTS=y
+CONFIG_NF_NAT_FTP=m
+CONFIG_NF_NAT_TFTP=m
+CONFIG_NF_CONNTRACK_FTP=m
+CONFIG_NF_CONNTRACK_TFTP=m
 CONFIG_NETFILTER_XT_MARK=m
 CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
 CONFIG_NETFILTER_XT_TARGET_LOG=m
 CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
 CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
 CONFIG_NETFILTER_XT_MATCH_IPVS=m
+CONFIG_NETFILTER_XT_MATCH_BPF=m
 CONFIG_IP_VS=m
+CONFIG_IP_VS_PROTO_TCP=y
+CONFIG_IP_VS_PROTO_UDP=y
+CONFIG_IP_VS_RR=m
+CONFIG_IP_VS_NFCT=y
 CONFIG_IP_NF_IPTABLES=m
 CONFIG_IP_NF_FILTER=m
 CONFIG_IP_NF_TARGET_REJECT=m
 CONFIG_IP_NF_NAT=m
 CONFIG_IP_NF_TARGET_MASQUERADE=m
+CONFIG_IP_NF_TARGET_REDIRECT=m
 CONFIG_IP_NF_MANGLE=m
 CONFIG_IP6_NF_IPTABLES=m
 CONFIG_IP6_NF_FILTER=m
@@ -171,6 +186,7 @@  CONFIG_NET_SCH_TAPRIO=m
 CONFIG_NET_SCH_MQPRIO=m
 CONFIG_NET_SCH_INGRESS=m
 CONFIG_NET_CLS_BASIC=m
+CONFIG_NET_CLS_CGROUP=m
 CONFIG_NET_CLS_ROUTE4=m
 CONFIG_NET_CLS_FW=m
 CONFIG_NET_CLS_U32=m
@@ -198,6 +214,7 @@  CONFIG_NET_ACT_GATE=m
 CONFIG_HSR=m
 CONFIG_QRTR_SMD=m
 CONFIG_QRTR_TUN=m
+CONFIG_CGROUP_NET_PRIO=y
 CONFIG_CAN=m
 CONFIG_BT=m
 CONFIG_BT_HIDP=m
@@ -1573,7 +1590,12 @@  CONFIG_HTE_TEGRA194=y
 CONFIG_HTE_TEGRA194_TEST=m
 CONFIG_EXT2_FS=y
 CONFIG_EXT3_FS=y
+CONFIG_EXT3_FS_XATTR=y
+CONFIG_EXT3_FS_POSIX_ACL=y
+CONFIG_EXT3_FS_SECURITY=y
 CONFIG_EXT4_FS_POSIX_ACL=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_VXLAN=m
 CONFIG_BTRFS_FS=m
 CONFIG_BTRFS_FS_POSIX_ACL=y
 CONFIG_FANOTIFY=y
@@ -1598,6 +1620,8 @@  CONFIG_9P_FS=y
 CONFIG_NLS_CODEPAGE_437=y
 CONFIG_NLS_ISO8859_1=y
 CONFIG_SECURITY=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_APPARMOR=y
 CONFIG_CRYPTO_USER=y
 CONFIG_CRYPTO_TEST=m
 CONFIG_CRYPTO_ECHAINIV=y
@@ -1628,6 +1652,11 @@  CONFIG_CRYPTO_DEV_HISI_HPRE=m
 CONFIG_CRYPTO_DEV_HISI_TRNG=m
 CONFIG_CRYPTO_DEV_SA2UL=m
 CONFIG_CRYPTO_DEV_TI_MCRC64=m
+CONFIG_CRYPTO_SEQIV=m
+CONFIG_XFRM=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_ALGO=y
+CONFIG_INET_ESP=y
 CONFIG_DMA_RESTRICTED_POOL=y
 CONFIG_CMA_SIZE_MBYTES=32
 CONFIG_PRINTK_TIME=y