There is often a need to check a kernel config and other OS configuration to make a dev/design decision. The question often pops-up, does the popular distributions support the kernel config that the implementation expects? This is an attempt to answer that.
My specific use-case: KubeArmor leverages LSMs (Linux Security Modules) and eBPF for in-kernel policy controls. We had to refer to kernel configs for making design/dev decisions regarding whether we can depend on a certain kernel primitive. The boot configs part of this repo helped in making an informed choice.
Note: The lists below are sorted based on kernel version number.
Distro | Arch | Kernel | CONFIG_AUDIT | CONFIG_AUDIT_ARCH | CONFIG_AUDITSYSCALL |
---|---|---|---|---|---|
Fedora Linux 39 (Server Edition) | arm64 | 6.7.7-200.fc39.aarch64 | ✔️ | ❌ | ✔️ |
Ubuntu 22.04.4 LTS | x86 | 6.5.0-1014-gcp | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux trixie/sid | powerpc | 6.5.3 | ✔️ | ✔️ | ✔️ |
Arch Linux | x86 | 6.2.1-arch1 | ✔️ | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 6.1.85 | ✔️ | ✔️ | ✔️ |
Amazon Linux 2023 | x86_64 | 6.1.19-30.43.amzn2023.x86_64 | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux 12 (bookworm) | arm64 | 6.1.76 | ✔️ | ❌ | ✔️ |
Debian GNU/Linux 12 (bookworm) | x86 | 6.1.76 | ✔️ | ✔️ | ✔️ |
CBL-Mariner/Linux | x86_64 | 5.15.138.1 | ✔️ | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 5.15.86-53.137.amzn2.x86_64 | ✔️ | ✔️ | ✔️ |
Fedora CoreOS 35.20211203.3.0 | x86_64 | 5.15.6-200.fc35.x86_64 | ✔️ | ✔️ | ✔️ |
Pop!_OS 21.10 | x86 | 5.15.5-76051505-generic | ✔️ | ✔️ | ✔️ |
Ubuntu 22.04.3 LTS | x86 | 5.15.0-1051-azure | ✔️ | ✔️ | ✔️ |
Oracle Linux Server 8.8 | x86_64 | 5.15.0-103.114.4.el8uek.x86_64 | ✔️ | ✔️ | ✔️ |
Oracle Linux Server 8.7 | x86_64 | 5.15.0-6.80.3.1.el8uek.x86_64 | ✔️ | ✔️ | ✔️ |
AlmaLinux 9.3 (Shamrock Pampas Cat) | x86_64 | 5.14.0-362.18.1.el9_3.x86_64 | ✔️ | ✔️ | ✔️ |
Red Hat Enterprise Linux 9.2 (Plow) | x86_64 | 5.14.0-284.11.1.el9_2.x86_64 | ✔️ | ✔️ | ✔️ |
Rocky Linux 9.0 (Blue Onyx) | x86_64 | 5.14.0-70.13.1.el9_0.x86_64 | ✔️ | ✔️ | ✔️ |
Pop!_OS 21.04 | x86 | 5.11.0-7633-generic | ✔️ | ✔️ | ✔️ |
Ubuntu 20.04.3 LTS | x86 | 5.11.0-1026-gcp | ✔️ | ✔️ | ✔️ |
Ubuntu 20.04.3 LTS | x86_64 | 5.11.0-1022-aws | ✔️ | ✔️ | ✔️ |
Alibaba Cloud Linux 3 (Soaring Falcon) | x86 | 5.10.134-16.1.al8.x86_64 | ✔️ | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 5.10.90 | ✔️ | ✔️ | ✔️ |
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) | x86 | 5.10.84-flatcar | ✔️ | ✔️ | ✔️ |
Amazon Linux 2022 | x86_64 | 5.10.75-82.359.amzn2022.x86_64 | ✔️ | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 5.10.75-79.358.amzn2.x86_64 | ✔️ | ✔️ | ✔️ |
VMware Photon OS/Linux | x86_64 | 5.10.61 | ✔️ | ✔️ | ✔️ |
Raspbian GNU/Linux 10 (buster) | arm | 5.10.17 | ✔️ | ❌ | ✔️ |
Debian GNU/Linux 11 (bullseye) | x86 | 5.10.209 | ✔️ | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 5.4.226-129.415.amzn2.x86_64 | ✔️ | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 5.4.144 | ✔️ | ✔️ | ✔️ |
Ubuntu 18.04.6 LTS | x86_64 | 5.4.0-1060-aws | ✔️ | ✔️ | ✔️ |
k3OS v0.21.5-k3s2r1 | x86 | 5.4.0-88-generic | ✔️ | ✔️ | ✔️ |
SUSE Linux Enterprise Server 15 SP3 | x86 | 5.3.18 | ✔️ | ✔️ | ✔️ |
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) | x86 | 4.19.91-27.7.al7.x86_64 | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.304 | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.181 | ✔️ | ✔️ | ✔️ |
Rocky Linux 8.7 (Green Obsidian) | x86_64 | 4.18.0-425.10.1.el8_7.x86_64 | ✔️ | ✔️ | ✔️ |
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) | x86_64 | 4.18.0-372.93.1.el8_6.x86_64 | ✔️ | ✔️ | ✔️ |
Oracle Linux Server 8.6 | x86_64 | 4.18.0-372.9.1.el8.x86_64 | ✔️ | ✔️ | ✔️ |
Red Hat Enterprise Linux 8.5 (Ootpa) | x86_64 | 4.18.0-348.el8.x86_64 | ✔️ | ✔️ | ✔️ |
CentOS Linux 8 | x86_64 | 4.18.0-348.7.1.el8_5.x86_64 | ✔️ | ✔️ | ✔️ |
Red Hat Enterprise Linux 8.4 (Ootpa) | x86_64 | 4.18.0-305.el8.x86_64 | ✔️ | ✔️ | ✔️ |
CentOS Linux 8 | x86_64 | 4.18.0-240.1.1.el8_3.x86_64 | ✔️ | ✔️ | ✔️ |
Red Hat Enterprise Linux 8.1 (Ootpa) | x86_64 | 4.18.0-147.57.1.el8_1.x86_64 | ✔️ | ✔️ | ✔️ |
Ubuntu 18.04.6 LTS | x86 | 4.15.0-163-generic | ✔️ | ✔️ | ✔️ |
Ubuntu 16.04.7 LTS | x86 | 4.15.0-142-generic | ✔️ | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 4.14.252-195.483.amzn2.x86_64 | ✔️ | ✔️ | ✔️ |
RancherOS v1.5.8 | x86 | 4.14.138 | ✔️ | ✔️ | ✔️ |
SUSE Linux Enterprise Server 12 SP5 | x86_64 | 4.12.14 | ✔️ | ✔️ | ✔️ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1160.102.1.el7.x86_64 | ✔️ | ✔️ | ✔️ |
Red Hat Enterprise Linux Server 7.9 (Maipo) | x86_64 | 3.10.0-1160.59.1.el7.x86_64 | ✔️ | ✔️ | ✔️ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1127.el7.x86_64 | ✔️ | ✔️ | ✔️ |
This table lists kernel audit support. There is a userspace auditd daemon that is a separate accessory tooling leveraging kernel audit support. This table has nothing to do with userspace components.
Distro | Arch | Kernel | CONFIG_BPF | CGROUP_BPF | BPF_SYSCALL | BPF_JIT | BPF_LSM | BPF_KPROBE_OVERRIDE | BPFILTER | NET_ACT_BPF | NET_CLS_BPF | BPF_EVENTS | LWTUNNEL_BPF | BPF_STREAM_PARSER | NETFILTER_XT_MATCH_BPF | IPV6_SEG6_BPF |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Fedora Linux 39 (Server Edition) | arm64 | 6.7.7-200.fc39.aarch64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Ubuntu 22.04.4 LTS | x86 | 6.5.0-1014-gcp | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux trixie/sid | powerpc | 6.5.3 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Arch Linux | x86 | 6.2.1-arch1 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 6.1.85 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Amazon Linux 2023 | x86_64 | 6.1.19-30.43.amzn2023.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux 12 (bookworm) | arm64 | 6.1.76 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux 12 (bookworm) | x86 | 6.1.76 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
CBL-Mariner/Linux | x86_64 | 5.15.138.1 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ❌ |
Amazon Linux 2 | x86_64 | 5.15.86-53.137.amzn2.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Fedora CoreOS 35.20211203.3.0 | x86_64 | 5.15.6-200.fc35.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Pop!_OS 21.10 | x86 | 5.15.5-76051505-generic | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Ubuntu 22.04.3 LTS | x86 | 5.15.0-1051-azure | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Oracle Linux Server 8.8 | x86_64 | 5.15.0-103.114.4.el8uek.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Oracle Linux Server 8.7 | x86_64 | 5.15.0-6.80.3.1.el8uek.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
AlmaLinux 9.3 (Shamrock Pampas Cat) | x86_64 | 5.14.0-362.18.1.el9_3.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Red Hat Enterprise Linux 9.2 (Plow) | x86_64 | 5.14.0-284.11.1.el9_2.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Rocky Linux 9.0 (Blue Onyx) | x86_64 | 5.14.0-70.13.1.el9_0.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Pop!_OS 21.04 | x86 | 5.11.0-7633-generic | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Ubuntu 20.04.3 LTS | x86 | 5.11.0-1026-gcp | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Ubuntu 20.04.3 LTS | x86_64 | 5.11.0-1022-aws | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Alibaba Cloud Linux 3 (Soaring Falcon) | x86 | 5.10.134-16.1.al8.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Container-Optimized OS from Google | x86_64 | 5.10.90 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) | x86 | 5.10.84-flatcar | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ❌ |
Amazon Linux 2022 | x86_64 | 5.10.75-82.359.amzn2022.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 5.10.75-79.358.amzn2.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
VMware Photon OS/Linux | x86_64 | 5.10.61 | ✔️ | ❌ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ❌ |
Raspbian GNU/Linux 10 (buster) | arm | 5.10.17 | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ❌ | ✔️ | ❌ |
Debian GNU/Linux 11 (bullseye) | x86 | 5.10.209 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 5.4.226-129.415.amzn2.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 5.4.144 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Ubuntu 18.04.6 LTS | x86_64 | 5.4.0-1060-aws | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
k3OS v0.21.5-k3s2r1 | x86 | 5.4.0-88-generic | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
SUSE Linux Enterprise Server 15 SP3 | x86 | 5.3.18 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) | x86 | 4.19.91-27.7.al7.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.304 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.181 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Rocky Linux 8.7 (Green Obsidian) | x86_64 | 4.18.0-425.10.1.el8_7.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) | x86_64 | 4.18.0-372.93.1.el8_6.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Oracle Linux Server 8.6 | x86_64 | 4.18.0-372.9.1.el8.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Red Hat Enterprise Linux 8.5 (Ootpa) | x86_64 | 4.18.0-348.el8.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
CentOS Linux 8 | x86_64 | 4.18.0-348.7.1.el8_5.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Red Hat Enterprise Linux 8.4 (Ootpa) | x86_64 | 4.18.0-305.el8.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
CentOS Linux 8 | x86_64 | 4.18.0-240.1.1.el8_3.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Red Hat Enterprise Linux 8.1 (Ootpa) | x86_64 | 4.18.0-147.57.1.el8_1.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Ubuntu 18.04.6 LTS | x86 | 4.15.0-163-generic | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Ubuntu 16.04.7 LTS | x86 | 4.15.0-142-generic | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Amazon Linux 2 | x86_64 | 4.14.252-195.483.amzn2.x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
RancherOS v1.5.8 | x86 | 4.14.138 | ✔️ | ❌ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | ❌ |
SUSE Linux Enterprise Server 12 SP5 | x86_64 | 4.12.14 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1160.102.1.el7.x86_64 | ✔️ | ❌ | ✔️ | ✔️ | ❌ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ❌ |
Red Hat Enterprise Linux Server 7.9 (Maipo) | x86_64 | 3.10.0-1160.59.1.el7.x86_64 | ✔️ | ❌ | ✔️ | ✔️ | ❌ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ❌ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1127.el7.x86_64 | ✔️ | ❌ | ✔️ | ✔️ | ❌ | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ❌ | ❌ | ✔️ | ❌ |
CGROUP_BPF: Support for eBPF programs attached to cgroups. Allow attaching eBPF programs to a cgroup using the bpf(2) syscall command BPF_PROG_ATTACH.
Distro | Arch | Kernel | DM-Verity | DM-Verity FEC | FS-Verity | FS-Verity Signatures |
---|---|---|---|---|---|---|
Fedora Linux 39 (Server Edition) | arm64 | 6.7.7-200.fc39.aarch64 | ✔️ | ✔️ | ✔️ | ❌ |
Ubuntu 22.04.4 LTS | x86 | 6.5.0-1014-gcp | ✔️ | ❌ | ✔️ | ✔️ |
Debian GNU/Linux trixie/sid | powerpc | 6.5.3 | ✔️ | ✔️ | ✔️ | ✔️ |
Arch Linux | x86 | 6.2.1-arch1 | ✔️ | ✔️ | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 6.1.85 | ✔️ | ❌ | ❌ | ❌ |
Amazon Linux 2023 | x86_64 | 6.1.19-30.43.amzn2023.x86_64 | ❌ | ❌ | ❌ | ❌ |
Debian GNU/Linux 12 (bookworm) | arm64 | 6.1.76 | ✔️ | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux 12 (bookworm) | x86 | 6.1.76 | ✔️ | ✔️ | ✔️ | ✔️ |
CBL-Mariner/Linux | x86_64 | 5.15.138.1 | ✔️ | ✔️ | ❌ | ❌ |
Amazon Linux 2 | x86_64 | 5.15.86-53.137.amzn2.x86_64 | ❌ | ❌ | ❌ | ❌ |
Fedora CoreOS 35.20211203.3.0 | x86_64 | 5.15.6-200.fc35.x86_64 | ✔️ | ✔️ | ✔️ | ❌ |
Pop!_OS 21.10 | x86 | 5.15.5-76051505-generic | ✔️ | ❌ | ✔️ | ✔️ |
Ubuntu 22.04.3 LTS | x86 | 5.15.0-1051-azure | ✔️ | ❌ | ✔️ | ✔️ |
Oracle Linux Server 8.8 | x86_64 | 5.15.0-103.114.4.el8uek.x86_64 | ✔️ | ✔️ | ✔️ | ❌ |
Oracle Linux Server 8.7 | x86_64 | 5.15.0-6.80.3.1.el8uek.x86_64 | ✔️ | ✔️ | ✔️ | ❌ |
AlmaLinux 9.3 (Shamrock Pampas Cat) | x86_64 | 5.14.0-362.18.1.el9_3.x86_64 | ✔️ | ✔️ | ❌ | ❌ |
Red Hat Enterprise Linux 9.2 (Plow) | x86_64 | 5.14.0-284.11.1.el9_2.x86_64 | ✔️ | ✔️ | ❌ | ❌ |
Rocky Linux 9.0 (Blue Onyx) | x86_64 | 5.14.0-70.13.1.el9_0.x86_64 | ✔️ | ✔️ | ❌ | ❌ |
Pop!_OS 21.04 | x86 | 5.11.0-7633-generic | ✔️ | ❌ | ✔️ | ✔️ |
Ubuntu 20.04.3 LTS | x86 | 5.11.0-1026-gcp | ✔️ | ❌ | ✔️ | ✔️ |
Ubuntu 20.04.3 LTS | x86_64 | 5.11.0-1022-aws | ✔️ | ❌ | ✔️ | ✔️ |
Alibaba Cloud Linux 3 (Soaring Falcon) | x86 | 5.10.134-16.1.al8.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Container-Optimized OS from Google | x86_64 | 5.10.90 | ✔️ | ❌ | ❌ | ❌ |
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) | x86 | 5.10.84-flatcar | ✔️ | ❌ | ❌ | ❌ |
Amazon Linux 2022 | x86_64 | 5.10.75-82.359.amzn2022.x86_64 | ❌ | ❌ | ❌ | ❌ |
Amazon Linux 2 | x86_64 | 5.10.75-79.358.amzn2.x86_64 | ❌ | ❌ | ❌ | ❌ |
VMware Photon OS/Linux | x86_64 | 5.10.61 | ✔️ | ❌ | ❌ | ❌ |
Raspbian GNU/Linux 10 (buster) | arm | 5.10.17 | ❌ | ❌ | ❌ | ❌ |
Debian GNU/Linux 11 (bullseye) | x86 | 5.10.209 | ✔️ | ❌ | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 5.4.226-129.415.amzn2.x86_64 | ❌ | ❌ | ❌ | ❌ |
Container-Optimized OS from Google | x86_64 | 5.4.144 | ✔️ | ❌ | ❌ | ❌ |
Ubuntu 18.04.6 LTS | x86_64 | 5.4.0-1060-aws | ✔️ | ❌ | ✔️ | ✔️ |
k3OS v0.21.5-k3s2r1 | x86 | 5.4.0-88-generic | ✔️ | ❌ | ✔️ | ✔️ |
SUSE Linux Enterprise Server 15 SP3 | x86 | 5.3.18 | ✔️ | ✔️ | ❌ | ❌ |
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) | x86 | 4.19.91-27.7.al7.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.304 | ✔️ | ❌ | ❌ | ❌ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.181 | ✔️ | ❌ | ❌ | ❌ |
Rocky Linux 8.7 (Green Obsidian) | x86_64 | 4.18.0-425.10.1.el8_7.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) | x86_64 | 4.18.0-372.93.1.el8_6.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Oracle Linux Server 8.6 | x86_64 | 4.18.0-372.9.1.el8.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Red Hat Enterprise Linux 8.5 (Ootpa) | x86_64 | 4.18.0-348.el8.x86_64 | ✔️ | ❌ | ❌ | ❌ |
CentOS Linux 8 | x86_64 | 4.18.0-348.7.1.el8_5.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Red Hat Enterprise Linux 8.4 (Ootpa) | x86_64 | 4.18.0-305.el8.x86_64 | ✔️ | ❌ | ❌ | ❌ |
CentOS Linux 8 | x86_64 | 4.18.0-240.1.1.el8_3.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Red Hat Enterprise Linux 8.1 (Ootpa) | x86_64 | 4.18.0-147.57.1.el8_1.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Ubuntu 18.04.6 LTS | x86 | 4.15.0-163-generic | ✔️ | ❌ | ❌ | ❌ |
Ubuntu 16.04.7 LTS | x86 | 4.15.0-142-generic | ✔️ | ❌ | ❌ | ❌ |
Amazon Linux 2 | x86_64 | 4.14.252-195.483.amzn2.x86_64 | ❌ | ❌ | ❌ | ❌ |
RancherOS v1.5.8 | x86 | 4.14.138 | ✔️ | ❌ | ❌ | ❌ |
SUSE Linux Enterprise Server 12 SP5 | x86_64 | 4.12.14 | ✔️ | ✔️ | ❌ | ❌ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1160.102.1.el7.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Red Hat Enterprise Linux Server 7.9 (Maipo) | x86_64 | 3.10.0-1160.59.1.el7.x86_64 | ✔️ | ❌ | ❌ | ❌ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1127.el7.x86_64 | ✔️ | ❌ | ❌ | ❌ |
Distro | Arch | Kernel | BPF LSM | AppArmor | SELinux | LandLock | SMACK |
---|---|---|---|---|---|---|---|
Fedora Linux 39 (Server Edition) | arm64 | 6.7.7-200.fc39.aarch64 | ✔️ | ❌ | ✔️ | ✔️ | ❌ |
Ubuntu 22.04.4 LTS | x86 | 6.5.0-1014-gcp | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Debian GNU/Linux trixie/sid | powerpc | 6.5.3 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Arch Linux | x86 | 6.2.1-arch1 | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 6.1.85 | ✔️ | ✔️ | ❌ | ❌ | ❌ |
Amazon Linux 2023 | x86_64 | 6.1.19-30.43.amzn2023.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Debian GNU/Linux 12 (bookworm) | arm64 | 6.1.76 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Debian GNU/Linux 12 (bookworm) | x86 | 6.1.76 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
CBL-Mariner/Linux | x86_64 | 5.15.138.1 | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Amazon Linux 2 | x86_64 | 5.15.86-53.137.amzn2.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Fedora CoreOS 35.20211203.3.0 | x86_64 | 5.15.6-200.fc35.x86_64 | ✔️ | ❌ | ✔️ | ✔️ | ❌ |
Pop!_OS 21.10 | x86 | 5.15.5-76051505-generic | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Ubuntu 22.04.3 LTS | x86 | 5.15.0-1051-azure | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Oracle Linux Server 8.8 | x86_64 | 5.15.0-103.114.4.el8uek.x86_64 | ✔️ | ❌ | ✔️ | ✔️ | ❌ |
Oracle Linux Server 8.7 | x86_64 | 5.15.0-6.80.3.1.el8uek.x86_64 | ✔️ | ❌ | ✔️ | ✔️ | ❌ |
AlmaLinux 9.3 (Shamrock Pampas Cat) | x86_64 | 5.14.0-362.18.1.el9_3.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Red Hat Enterprise Linux 9.2 (Plow) | x86_64 | 5.14.0-284.11.1.el9_2.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Rocky Linux 9.0 (Blue Onyx) | x86_64 | 5.14.0-70.13.1.el9_0.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Pop!_OS 21.04 | x86 | 5.11.0-7633-generic | ✔️ | ✔️ | ✔️ | ❌ | ✔️ |
Ubuntu 20.04.3 LTS | x86 | 5.11.0-1026-gcp | ❌ | ✔️ | ✔️ | ❌ | ✔️ |
Ubuntu 20.04.3 LTS | x86_64 | 5.11.0-1022-aws | ❌ | ✔️ | ✔️ | ❌ | ✔️ |
Alibaba Cloud Linux 3 (Soaring Falcon) | x86 | 5.10.134-16.1.al8.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Container-Optimized OS from Google | x86_64 | 5.10.90 | ✔️ | ✔️ | ❌ | ❌ | ❌ |
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) | x86 | 5.10.84-flatcar | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Amazon Linux 2022 | x86_64 | 5.10.75-82.359.amzn2022.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Amazon Linux 2 | x86_64 | 5.10.75-79.358.amzn2.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
VMware Photon OS/Linux | x86_64 | 5.10.61 | ❌ | ✔️ | ✔️ | ❌ | ✔️ |
Raspbian GNU/Linux 10 (buster) | arm | 5.10.17 | ❌ | ✔️ | ❌ | ❌ | ❌ |
Debian GNU/Linux 11 (bullseye) | x86 | 5.10.209 | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
Amazon Linux 2 | x86_64 | 5.4.226-129.415.amzn2.x86_64 | ❌ | ❌ | ✔️ | ❌ | ❌ |
Container-Optimized OS from Google | x86_64 | 5.4.144 | ❌ | ✔️ | ❌ | ❌ | ❌ |
Ubuntu 18.04.6 LTS | x86_64 | 5.4.0-1060-aws | ❌ | ✔️ | ✔️ | ❌ | ✔️ |
k3OS v0.21.5-k3s2r1 | x86 | 5.4.0-88-generic | ❌ | ✔️ | ✔️ | ❌ | ✔️ |
SUSE Linux Enterprise Server 15 SP3 | x86 | 5.3.18 | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) | x86 | 4.19.91-27.7.al7.x86_64 | ❌ | ❌ | ✔️ | ❌ | ✔️ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.304 | ❌ | ✔️ | ✔️ | ❌ | ❌ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.181 | ❌ | ✔️ | ✔️ | ❌ | ❌ |
Rocky Linux 8.7 (Green Obsidian) | x86_64 | 4.18.0-425.10.1.el8_7.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) | x86_64 | 4.18.0-372.93.1.el8_6.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Oracle Linux Server 8.6 | x86_64 | 4.18.0-372.9.1.el8.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Red Hat Enterprise Linux 8.5 (Ootpa) | x86_64 | 4.18.0-348.el8.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
CentOS Linux 8 | x86_64 | 4.18.0-348.7.1.el8_5.x86_64 | ✔️ | ❌ | ✔️ | ❌ | ❌ |
Red Hat Enterprise Linux 8.4 (Ootpa) | x86_64 | 4.18.0-305.el8.x86_64 | ❌ | ❌ | ✔️ | ❌ | ❌ |
CentOS Linux 8 | x86_64 | 4.18.0-240.1.1.el8_3.x86_64 | ❌ | ❌ | ✔️ | ❌ | ❌ |
Red Hat Enterprise Linux 8.1 (Ootpa) | x86_64 | 4.18.0-147.57.1.el8_1.x86_64 | ❌ | ❌ | ✔️ | ❌ | ❌ |
Ubuntu 18.04.6 LTS | x86 | 4.15.0-163-generic | ❌ | ✔️ | ✔️ | ❌ | ✔️ |
Ubuntu 16.04.7 LTS | x86 | 4.15.0-142-generic | ❌ | ✔️ | ✔️ | ❌ | ✔️ |
Amazon Linux 2 | x86_64 | 4.14.252-195.483.amzn2.x86_64 | ❌ | ❌ | ✔️ | ❌ | ❌ |
RancherOS v1.5.8 | x86 | 4.14.138 | ❌ | ✔️ | ✔️ | ❌ | ✔️ |
SUSE Linux Enterprise Server 12 SP5 | x86_64 | 4.12.14 | ❌ | ✔️ | ✔️ | ❌ | ❌ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1160.102.1.el7.x86_64 | ❌ | ❌ | ✔️ | ❌ | ❌ |
Red Hat Enterprise Linux Server 7.9 (Maipo) | x86_64 | 3.10.0-1160.59.1.el7.x86_64 | ❌ | ❌ | ✔️ | ❌ | ❌ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1127.el7.x86_64 | ❌ | ❌ | ✔️ | ❌ | ❌ |
Few LSMs are not stackable. For example, AppArmor and SELinux are not stackable. If you find that support for both SELinux and AppArmor are available, then only one can be enabled at boot time.
BPF LSM is the new kid on the block. BPF LSM depends on bpf-helpers and they vary from kernel to kernel.
Distro | Arch | Kernel | Seccomp | Seccomp Filter |
---|---|---|---|---|
Fedora Linux 39 (Server Edition) | arm64 | 6.7.7-200.fc39.aarch64 | ✔️ | ✔️ |
Ubuntu 22.04.4 LTS | x86 | 6.5.0-1014-gcp | ✔️ | ✔️ |
Debian GNU/Linux trixie/sid | powerpc | 6.5.3 | ✔️ | ✔️ |
Arch Linux | x86 | 6.2.1-arch1 | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 6.1.85 | ✔️ | ✔️ |
Amazon Linux 2023 | x86_64 | 6.1.19-30.43.amzn2023.x86_64 | ✔️ | ✔️ |
Debian GNU/Linux 12 (bookworm) | arm64 | 6.1.76 | ✔️ | ✔️ |
Debian GNU/Linux 12 (bookworm) | x86 | 6.1.76 | ✔️ | ✔️ |
CBL-Mariner/Linux | x86_64 | 5.15.138.1 | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 5.15.86-53.137.amzn2.x86_64 | ✔️ | ✔️ |
Fedora CoreOS 35.20211203.3.0 | x86_64 | 5.15.6-200.fc35.x86_64 | ✔️ | ✔️ |
Pop!_OS 21.10 | x86 | 5.15.5-76051505-generic | ✔️ | ✔️ |
Ubuntu 22.04.3 LTS | x86 | 5.15.0-1051-azure | ✔️ | ✔️ |
Oracle Linux Server 8.8 | x86_64 | 5.15.0-103.114.4.el8uek.x86_64 | ✔️ | ✔️ |
Oracle Linux Server 8.7 | x86_64 | 5.15.0-6.80.3.1.el8uek.x86_64 | ✔️ | ✔️ |
AlmaLinux 9.3 (Shamrock Pampas Cat) | x86_64 | 5.14.0-362.18.1.el9_3.x86_64 | ✔️ | ✔️ |
Red Hat Enterprise Linux 9.2 (Plow) | x86_64 | 5.14.0-284.11.1.el9_2.x86_64 | ✔️ | ✔️ |
Rocky Linux 9.0 (Blue Onyx) | x86_64 | 5.14.0-70.13.1.el9_0.x86_64 | ✔️ | ✔️ |
Pop!_OS 21.04 | x86 | 5.11.0-7633-generic | ✔️ | ✔️ |
Ubuntu 20.04.3 LTS | x86 | 5.11.0-1026-gcp | ✔️ | ✔️ |
Ubuntu 20.04.3 LTS | x86_64 | 5.11.0-1022-aws | ✔️ | ✔️ |
Alibaba Cloud Linux 3 (Soaring Falcon) | x86 | 5.10.134-16.1.al8.x86_64 | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 5.10.90 | ✔️ | ✔️ |
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) | x86 | 5.10.84-flatcar | ✔️ | ✔️ |
Amazon Linux 2022 | x86_64 | 5.10.75-82.359.amzn2022.x86_64 | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 5.10.75-79.358.amzn2.x86_64 | ✔️ | ✔️ |
VMware Photon OS/Linux | x86_64 | 5.10.61 | ✔️ | ✔️ |
Raspbian GNU/Linux 10 (buster) | arm | 5.10.17 | ✔️ | ✔️ |
Debian GNU/Linux 11 (bullseye) | x86 | 5.10.209 | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 5.4.226-129.415.amzn2.x86_64 | ✔️ | ✔️ |
Container-Optimized OS from Google | x86_64 | 5.4.144 | ✔️ | ✔️ |
Ubuntu 18.04.6 LTS | x86_64 | 5.4.0-1060-aws | ✔️ | ✔️ |
k3OS v0.21.5-k3s2r1 | x86 | 5.4.0-88-generic | ✔️ | ✔️ |
SUSE Linux Enterprise Server 15 SP3 | x86 | 5.3.18 | ✔️ | ✔️ |
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) | x86 | 4.19.91-27.7.al7.x86_64 | ✔️ | ✔️ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.304 | ✔️ | ✔️ |
Debian GNU/Linux 10 (buster) | x86 | 4.19.181 | ✔️ | ✔️ |
Rocky Linux 8.7 (Green Obsidian) | x86_64 | 4.18.0-425.10.1.el8_7.x86_64 | ✔️ | ✔️ |
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) | x86_64 | 4.18.0-372.93.1.el8_6.x86_64 | ✔️ | ✔️ |
Oracle Linux Server 8.6 | x86_64 | 4.18.0-372.9.1.el8.x86_64 | ✔️ | ✔️ |
Red Hat Enterprise Linux 8.5 (Ootpa) | x86_64 | 4.18.0-348.el8.x86_64 | ✔️ | ✔️ |
CentOS Linux 8 | x86_64 | 4.18.0-348.7.1.el8_5.x86_64 | ✔️ | ✔️ |
Red Hat Enterprise Linux 8.4 (Ootpa) | x86_64 | 4.18.0-305.el8.x86_64 | ✔️ | ✔️ |
CentOS Linux 8 | x86_64 | 4.18.0-240.1.1.el8_3.x86_64 | ✔️ | ✔️ |
Red Hat Enterprise Linux 8.1 (Ootpa) | x86_64 | 4.18.0-147.57.1.el8_1.x86_64 | ✔️ | ✔️ |
Ubuntu 18.04.6 LTS | x86 | 4.15.0-163-generic | ✔️ | ✔️ |
Ubuntu 16.04.7 LTS | x86 | 4.15.0-142-generic | ✔️ | ✔️ |
Amazon Linux 2 | x86_64 | 4.14.252-195.483.amzn2.x86_64 | ✔️ | ✔️ |
RancherOS v1.5.8 | x86 | 4.14.138 | ✔️ | ✔️ |
SUSE Linux Enterprise Server 12 SP5 | x86_64 | 4.12.14 | ✔️ | ✔️ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1160.102.1.el7.x86_64 | ✔️ | ✔️ |
Red Hat Enterprise Linux Server 7.9 (Maipo) | x86_64 | 3.10.0-1160.59.1.el7.x86_64 | ✔️ | ✔️ |
CentOS Linux 7 (Core) | x86_64 | 3.10.0-1127.el7.x86_64 | ✔️ | ✔️ |
Adding a new distro
Use following command to create a Distro/Kernel specific folder with the corresponding markdowns:
curl -s https://raw.githubusercontent.com/nyrahul/linux-kernel-configs/main/lk-config-get.sh | bash -s
if curl
is not available, use wget
...
wget -q -O- https://raw.githubusercontent.com/nyrahul/linux-kernel-configs/main/lk-config-get.sh | bash -s
- Copy the folder to your github fork
- Run
make
- Raise a PR
Adding a new composition
Composition means a set of kernel configuration options shown in the context of all the distros. "LSM Support", "Seccomp Support" are examples of the compositions.
To create a new composition:
- Create a new composition file. Use tools/compositions/lsm.yaml as ref.
- Do a
make
- Check if the composition is reflected in the README.md
- Raise a PR with the changes