Skip to content

Latest commit

 

History

History
403 lines (379 loc) · 78.7 KB

README.md

File metadata and controls

403 lines (379 loc) · 78.7 KB

Linux Kernel Configs for Popular Distros

CI status

There is often a need to check a kernel config and other OS configuration to make a dev/design decision. The question often pops-up, does the popular distributions support the kernel config that the implementation expects? This is an attempt to answer that.

My specific use-case: KubeArmor leverages LSMs (Linux Security Modules) and eBPF for in-kernel policy controls. We had to refer to kernel configs for making design/dev decisions regarding whether we can depend on a certain kernel primitive. The boot configs part of this repo helped in making an informed choice.

Note: The lists below are sorted based on kernel version number.

Distribution Details

Distro Arch Kernel Kernel Config hostnamectl os-release
Fedora Linux 39 (Server Edition) arm64 6.7.7-200.fc39.aarch64 config file file
Ubuntu 22.04.4 LTS x86 6.5.0-1014-gcp config file file
Debian GNU/Linux trixie/sid powerpc 6.5.3 config file file
Arch Linux x86 6.2.1-arch1 config file file
Container-Optimized OS from Google x86_64 6.1.85 config NotAvailable file
Amazon Linux 2023 x86_64 6.1.19-30.43.amzn2023.x86_64 config file file
Debian GNU/Linux 12 (bookworm) arm64 6.1.76 config file file
Debian GNU/Linux 12 (bookworm) x86 6.1.76 config file file
CBL-Mariner/Linux x86_64 5.15.138.1 config file file
Amazon Linux 2 x86_64 5.15.86-53.137.amzn2.x86_64 config file file
Fedora CoreOS 35.20211203.3.0 x86_64 5.15.6-200.fc35.x86_64 config file file
Pop!_OS 21.10 x86 5.15.5-76051505-generic config file file
Ubuntu 22.04.3 LTS x86 5.15.0-1051-azure config file file
Oracle Linux Server 8.8 x86_64 5.15.0-103.114.4.el8uek.x86_64 config file file
Oracle Linux Server 8.7 x86_64 5.15.0-6.80.3.1.el8uek.x86_64 config file file
AlmaLinux 9.3 (Shamrock Pampas Cat) x86_64 5.14.0-362.18.1.el9_3.x86_64 config file file
Red Hat Enterprise Linux 9.2 (Plow) x86_64 5.14.0-284.11.1.el9_2.x86_64 config file file
Rocky Linux 9.0 (Blue Onyx) x86_64 5.14.0-70.13.1.el9_0.x86_64 config file file
Pop!_OS 21.04 x86 5.11.0-7633-generic config file file
Ubuntu 20.04.3 LTS x86 5.11.0-1026-gcp config file file
Ubuntu 20.04.3 LTS x86_64 5.11.0-1022-aws config file NotAvailable
Alibaba Cloud Linux 3 (Soaring Falcon) x86 5.10.134-16.1.al8.x86_64 config file file
Container-Optimized OS from Google x86_64 5.10.90 config file file
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) x86 5.10.84-flatcar config file file
Amazon Linux 2022 x86_64 5.10.75-82.359.amzn2022.x86_64 config file file
Amazon Linux 2 x86_64 5.10.75-79.358.amzn2.x86_64 config file NotAvailable
VMware Photon OS/Linux x86_64 5.10.61 config file file
Raspbian GNU/Linux 10 (buster) arm 5.10.17 config file file
Debian GNU/Linux 11 (bullseye) x86 5.10.209 config file file
Amazon Linux 2 x86_64 5.4.226-129.415.amzn2.x86_64 config file file
Container-Optimized OS from Google x86_64 5.4.144 config file NotAvailable
Ubuntu 18.04.6 LTS x86_64 5.4.0-1060-aws config file NotAvailable
k3OS v0.21.5-k3s2r1 x86 5.4.0-88-generic config NotAvailable file
SUSE Linux Enterprise Server 15 SP3 x86 5.3.18 config file NotAvailable
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) x86 4.19.91-27.7.al7.x86_64 config file file
Debian GNU/Linux 10 (buster) x86 4.19.304 config file file
Debian GNU/Linux 10 (buster) x86 4.19.181 config file NotAvailable
Rocky Linux 8.7 (Green Obsidian) x86_64 4.18.0-425.10.1.el8_7.x86_64 config file file
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) x86_64 4.18.0-372.93.1.el8_6.x86_64 config file file
Oracle Linux Server 8.6 x86_64 4.18.0-372.9.1.el8.x86_64 config file file
Red Hat Enterprise Linux 8.5 (Ootpa) x86_64 4.18.0-348.el8.x86_64 config file file
CentOS Linux 8 x86_64 4.18.0-348.7.1.el8_5.x86_64 config file file
Red Hat Enterprise Linux 8.4 (Ootpa) x86_64 4.18.0-305.el8.x86_64 config file NotAvailable
CentOS Linux 8 x86_64 4.18.0-240.1.1.el8_3.x86_64 config file NotAvailable
Red Hat Enterprise Linux 8.1 (Ootpa) x86_64 4.18.0-147.57.1.el8_1.x86_64 config file file
Ubuntu 18.04.6 LTS x86 4.15.0-163-generic config file file
Ubuntu 16.04.7 LTS x86 4.15.0-142-generic config file file
Amazon Linux 2 x86_64 4.14.252-195.483.amzn2.x86_64 config file NotAvailable
RancherOS v1.5.8 x86 4.14.138 config NotAvailable file
SUSE Linux Enterprise Server 12 SP5 x86_64 4.12.14 config file NotAvailable
CentOS Linux 7 (Core) x86_64 3.10.0-1160.102.1.el7.x86_64 config file file
Red Hat Enterprise Linux Server 7.9 (Maipo) x86_64 3.10.0-1160.59.1.el7.x86_64 config file file
CentOS Linux 7 (Core) x86_64 3.10.0-1127.el7.x86_64 config file file

Compositions

Kernel Audit Support

Distro Arch Kernel CONFIG_AUDIT CONFIG_AUDIT_ARCH CONFIG_AUDITSYSCALL
Fedora Linux 39 (Server Edition) arm64 6.7.7-200.fc39.aarch64 ✔️ ✔️
Ubuntu 22.04.4 LTS x86 6.5.0-1014-gcp ✔️ ✔️ ✔️
Debian GNU/Linux trixie/sid powerpc 6.5.3 ✔️ ✔️ ✔️
Arch Linux x86 6.2.1-arch1 ✔️ ✔️ ✔️
Container-Optimized OS from Google x86_64 6.1.85 ✔️ ✔️ ✔️
Amazon Linux 2023 x86_64 6.1.19-30.43.amzn2023.x86_64 ✔️ ✔️ ✔️
Debian GNU/Linux 12 (bookworm) arm64 6.1.76 ✔️ ✔️
Debian GNU/Linux 12 (bookworm) x86 6.1.76 ✔️ ✔️ ✔️
CBL-Mariner/Linux x86_64 5.15.138.1 ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 5.15.86-53.137.amzn2.x86_64 ✔️ ✔️ ✔️
Fedora CoreOS 35.20211203.3.0 x86_64 5.15.6-200.fc35.x86_64 ✔️ ✔️ ✔️
Pop!_OS 21.10 x86 5.15.5-76051505-generic ✔️ ✔️ ✔️
Ubuntu 22.04.3 LTS x86 5.15.0-1051-azure ✔️ ✔️ ✔️
Oracle Linux Server 8.8 x86_64 5.15.0-103.114.4.el8uek.x86_64 ✔️ ✔️ ✔️
Oracle Linux Server 8.7 x86_64 5.15.0-6.80.3.1.el8uek.x86_64 ✔️ ✔️ ✔️
AlmaLinux 9.3 (Shamrock Pampas Cat) x86_64 5.14.0-362.18.1.el9_3.x86_64 ✔️ ✔️ ✔️
Red Hat Enterprise Linux 9.2 (Plow) x86_64 5.14.0-284.11.1.el9_2.x86_64 ✔️ ✔️ ✔️
Rocky Linux 9.0 (Blue Onyx) x86_64 5.14.0-70.13.1.el9_0.x86_64 ✔️ ✔️ ✔️
Pop!_OS 21.04 x86 5.11.0-7633-generic ✔️ ✔️ ✔️
Ubuntu 20.04.3 LTS x86 5.11.0-1026-gcp ✔️ ✔️ ✔️
Ubuntu 20.04.3 LTS x86_64 5.11.0-1022-aws ✔️ ✔️ ✔️
Alibaba Cloud Linux 3 (Soaring Falcon) x86 5.10.134-16.1.al8.x86_64 ✔️ ✔️ ✔️
Container-Optimized OS from Google x86_64 5.10.90 ✔️ ✔️ ✔️
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) x86 5.10.84-flatcar ✔️ ✔️ ✔️
Amazon Linux 2022 x86_64 5.10.75-82.359.amzn2022.x86_64 ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 5.10.75-79.358.amzn2.x86_64 ✔️ ✔️ ✔️
VMware Photon OS/Linux x86_64 5.10.61 ✔️ ✔️ ✔️
Raspbian GNU/Linux 10 (buster) arm 5.10.17 ✔️ ✔️
Debian GNU/Linux 11 (bullseye) x86 5.10.209 ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 5.4.226-129.415.amzn2.x86_64 ✔️ ✔️ ✔️
Container-Optimized OS from Google x86_64 5.4.144 ✔️ ✔️ ✔️
Ubuntu 18.04.6 LTS x86_64 5.4.0-1060-aws ✔️ ✔️ ✔️
k3OS v0.21.5-k3s2r1 x86 5.4.0-88-generic ✔️ ✔️ ✔️
SUSE Linux Enterprise Server 15 SP3 x86 5.3.18 ✔️ ✔️ ✔️
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) x86 4.19.91-27.7.al7.x86_64 ✔️ ✔️ ✔️
Debian GNU/Linux 10 (buster) x86 4.19.304 ✔️ ✔️ ✔️
Debian GNU/Linux 10 (buster) x86 4.19.181 ✔️ ✔️ ✔️
Rocky Linux 8.7 (Green Obsidian) x86_64 4.18.0-425.10.1.el8_7.x86_64 ✔️ ✔️ ✔️
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) x86_64 4.18.0-372.93.1.el8_6.x86_64 ✔️ ✔️ ✔️
Oracle Linux Server 8.6 x86_64 4.18.0-372.9.1.el8.x86_64 ✔️ ✔️ ✔️
Red Hat Enterprise Linux 8.5 (Ootpa) x86_64 4.18.0-348.el8.x86_64 ✔️ ✔️ ✔️
CentOS Linux 8 x86_64 4.18.0-348.7.1.el8_5.x86_64 ✔️ ✔️ ✔️
Red Hat Enterprise Linux 8.4 (Ootpa) x86_64 4.18.0-305.el8.x86_64 ✔️ ✔️ ✔️
CentOS Linux 8 x86_64 4.18.0-240.1.1.el8_3.x86_64 ✔️ ✔️ ✔️
Red Hat Enterprise Linux 8.1 (Ootpa) x86_64 4.18.0-147.57.1.el8_1.x86_64 ✔️ ✔️ ✔️
Ubuntu 18.04.6 LTS x86 4.15.0-163-generic ✔️ ✔️ ✔️
Ubuntu 16.04.7 LTS x86 4.15.0-142-generic ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 4.14.252-195.483.amzn2.x86_64 ✔️ ✔️ ✔️
RancherOS v1.5.8 x86 4.14.138 ✔️ ✔️ ✔️
SUSE Linux Enterprise Server 12 SP5 x86_64 4.12.14 ✔️ ✔️ ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1160.102.1.el7.x86_64 ✔️ ✔️ ✔️
Red Hat Enterprise Linux Server 7.9 (Maipo) x86_64 3.10.0-1160.59.1.el7.x86_64 ✔️ ✔️ ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1127.el7.x86_64 ✔️ ✔️ ✔️

This table lists kernel audit support. There is a userspace auditd daemon that is a separate accessory tooling leveraging kernel audit support. This table has nothing to do with userspace components.

BPF/eBPF Support

Distro Arch Kernel CONFIG_BPF CGROUP_BPF BPF_SYSCALL BPF_JIT BPF_LSM BPF_KPROBE_OVERRIDE BPFILTER NET_ACT_BPF NET_CLS_BPF BPF_EVENTS LWTUNNEL_BPF BPF_STREAM_PARSER NETFILTER_XT_MATCH_BPF IPV6_SEG6_BPF
Fedora Linux 39 (Server Edition) arm64 6.7.7-200.fc39.aarch64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Ubuntu 22.04.4 LTS x86 6.5.0-1014-gcp ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Debian GNU/Linux trixie/sid powerpc 6.5.3 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Arch Linux x86 6.2.1-arch1 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Container-Optimized OS from Google x86_64 6.1.85 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Amazon Linux 2023 x86_64 6.1.19-30.43.amzn2023.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Debian GNU/Linux 12 (bookworm) arm64 6.1.76 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Debian GNU/Linux 12 (bookworm) x86 6.1.76 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
CBL-Mariner/Linux x86_64 5.15.138.1 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 5.15.86-53.137.amzn2.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Fedora CoreOS 35.20211203.3.0 x86_64 5.15.6-200.fc35.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Pop!_OS 21.10 x86 5.15.5-76051505-generic ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Ubuntu 22.04.3 LTS x86 5.15.0-1051-azure ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Oracle Linux Server 8.8 x86_64 5.15.0-103.114.4.el8uek.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Oracle Linux Server 8.7 x86_64 5.15.0-6.80.3.1.el8uek.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
AlmaLinux 9.3 (Shamrock Pampas Cat) x86_64 5.14.0-362.18.1.el9_3.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Red Hat Enterprise Linux 9.2 (Plow) x86_64 5.14.0-284.11.1.el9_2.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Rocky Linux 9.0 (Blue Onyx) x86_64 5.14.0-70.13.1.el9_0.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Pop!_OS 21.04 x86 5.11.0-7633-generic ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Ubuntu 20.04.3 LTS x86 5.11.0-1026-gcp ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Ubuntu 20.04.3 LTS x86_64 5.11.0-1022-aws ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Alibaba Cloud Linux 3 (Soaring Falcon) x86 5.10.134-16.1.al8.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Container-Optimized OS from Google x86_64 5.10.90 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) x86 5.10.84-flatcar ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Amazon Linux 2022 x86_64 5.10.75-82.359.amzn2022.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 5.10.75-79.358.amzn2.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
VMware Photon OS/Linux x86_64 5.10.61 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Raspbian GNU/Linux 10 (buster) arm 5.10.17 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Debian GNU/Linux 11 (bullseye) x86 5.10.209 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 5.4.226-129.415.amzn2.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Container-Optimized OS from Google x86_64 5.4.144 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Ubuntu 18.04.6 LTS x86_64 5.4.0-1060-aws ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
k3OS v0.21.5-k3s2r1 x86 5.4.0-88-generic ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
SUSE Linux Enterprise Server 15 SP3 x86 5.3.18 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) x86 4.19.91-27.7.al7.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Debian GNU/Linux 10 (buster) x86 4.19.304 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Debian GNU/Linux 10 (buster) x86 4.19.181 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Rocky Linux 8.7 (Green Obsidian) x86_64 4.18.0-425.10.1.el8_7.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) x86_64 4.18.0-372.93.1.el8_6.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Oracle Linux Server 8.6 x86_64 4.18.0-372.9.1.el8.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Red Hat Enterprise Linux 8.5 (Ootpa) x86_64 4.18.0-348.el8.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
CentOS Linux 8 x86_64 4.18.0-348.7.1.el8_5.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Red Hat Enterprise Linux 8.4 (Ootpa) x86_64 4.18.0-305.el8.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
CentOS Linux 8 x86_64 4.18.0-240.1.1.el8_3.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Red Hat Enterprise Linux 8.1 (Ootpa) x86_64 4.18.0-147.57.1.el8_1.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Ubuntu 18.04.6 LTS x86 4.15.0-163-generic ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Ubuntu 16.04.7 LTS x86 4.15.0-142-generic ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 4.14.252-195.483.amzn2.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
RancherOS v1.5.8 x86 4.14.138 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
SUSE Linux Enterprise Server 12 SP5 x86_64 4.12.14 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1160.102.1.el7.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Red Hat Enterprise Linux Server 7.9 (Maipo) x86_64 3.10.0-1160.59.1.el7.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1127.el7.x86_64 ✔️ ✔️ ✔️ ✔️ ✔️ ✔️ ✔️

CGROUP_BPF: Support for eBPF programs attached to cgroups. Allow attaching eBPF programs to a cgroup using the bpf(2) syscall command BPF_PROG_ATTACH.

Verity Support

Distro Arch Kernel DM-Verity DM-Verity FEC FS-Verity FS-Verity Signatures
Fedora Linux 39 (Server Edition) arm64 6.7.7-200.fc39.aarch64 ✔️ ✔️ ✔️
Ubuntu 22.04.4 LTS x86 6.5.0-1014-gcp ✔️ ✔️ ✔️
Debian GNU/Linux trixie/sid powerpc 6.5.3 ✔️ ✔️ ✔️ ✔️
Arch Linux x86 6.2.1-arch1 ✔️ ✔️ ✔️ ✔️
Container-Optimized OS from Google x86_64 6.1.85 ✔️
Amazon Linux 2023 x86_64 6.1.19-30.43.amzn2023.x86_64
Debian GNU/Linux 12 (bookworm) arm64 6.1.76 ✔️ ✔️ ✔️ ✔️
Debian GNU/Linux 12 (bookworm) x86 6.1.76 ✔️ ✔️ ✔️ ✔️
CBL-Mariner/Linux x86_64 5.15.138.1 ✔️ ✔️
Amazon Linux 2 x86_64 5.15.86-53.137.amzn2.x86_64
Fedora CoreOS 35.20211203.3.0 x86_64 5.15.6-200.fc35.x86_64 ✔️ ✔️ ✔️
Pop!_OS 21.10 x86 5.15.5-76051505-generic ✔️ ✔️ ✔️
Ubuntu 22.04.3 LTS x86 5.15.0-1051-azure ✔️ ✔️ ✔️
Oracle Linux Server 8.8 x86_64 5.15.0-103.114.4.el8uek.x86_64 ✔️ ✔️ ✔️
Oracle Linux Server 8.7 x86_64 5.15.0-6.80.3.1.el8uek.x86_64 ✔️ ✔️ ✔️
AlmaLinux 9.3 (Shamrock Pampas Cat) x86_64 5.14.0-362.18.1.el9_3.x86_64 ✔️ ✔️
Red Hat Enterprise Linux 9.2 (Plow) x86_64 5.14.0-284.11.1.el9_2.x86_64 ✔️ ✔️
Rocky Linux 9.0 (Blue Onyx) x86_64 5.14.0-70.13.1.el9_0.x86_64 ✔️ ✔️
Pop!_OS 21.04 x86 5.11.0-7633-generic ✔️ ✔️ ✔️
Ubuntu 20.04.3 LTS x86 5.11.0-1026-gcp ✔️ ✔️ ✔️
Ubuntu 20.04.3 LTS x86_64 5.11.0-1022-aws ✔️ ✔️ ✔️
Alibaba Cloud Linux 3 (Soaring Falcon) x86 5.10.134-16.1.al8.x86_64 ✔️
Container-Optimized OS from Google x86_64 5.10.90 ✔️
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) x86 5.10.84-flatcar ✔️
Amazon Linux 2022 x86_64 5.10.75-82.359.amzn2022.x86_64
Amazon Linux 2 x86_64 5.10.75-79.358.amzn2.x86_64
VMware Photon OS/Linux x86_64 5.10.61 ✔️
Raspbian GNU/Linux 10 (buster) arm 5.10.17
Debian GNU/Linux 11 (bullseye) x86 5.10.209 ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 5.4.226-129.415.amzn2.x86_64
Container-Optimized OS from Google x86_64 5.4.144 ✔️
Ubuntu 18.04.6 LTS x86_64 5.4.0-1060-aws ✔️ ✔️ ✔️
k3OS v0.21.5-k3s2r1 x86 5.4.0-88-generic ✔️ ✔️ ✔️
SUSE Linux Enterprise Server 15 SP3 x86 5.3.18 ✔️ ✔️
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) x86 4.19.91-27.7.al7.x86_64 ✔️
Debian GNU/Linux 10 (buster) x86 4.19.304 ✔️
Debian GNU/Linux 10 (buster) x86 4.19.181 ✔️
Rocky Linux 8.7 (Green Obsidian) x86_64 4.18.0-425.10.1.el8_7.x86_64 ✔️
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) x86_64 4.18.0-372.93.1.el8_6.x86_64 ✔️
Oracle Linux Server 8.6 x86_64 4.18.0-372.9.1.el8.x86_64 ✔️
Red Hat Enterprise Linux 8.5 (Ootpa) x86_64 4.18.0-348.el8.x86_64 ✔️
CentOS Linux 8 x86_64 4.18.0-348.7.1.el8_5.x86_64 ✔️
Red Hat Enterprise Linux 8.4 (Ootpa) x86_64 4.18.0-305.el8.x86_64 ✔️
CentOS Linux 8 x86_64 4.18.0-240.1.1.el8_3.x86_64 ✔️
Red Hat Enterprise Linux 8.1 (Ootpa) x86_64 4.18.0-147.57.1.el8_1.x86_64 ✔️
Ubuntu 18.04.6 LTS x86 4.15.0-163-generic ✔️
Ubuntu 16.04.7 LTS x86 4.15.0-142-generic ✔️
Amazon Linux 2 x86_64 4.14.252-195.483.amzn2.x86_64
RancherOS v1.5.8 x86 4.14.138 ✔️
SUSE Linux Enterprise Server 12 SP5 x86_64 4.12.14 ✔️ ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1160.102.1.el7.x86_64 ✔️
Red Hat Enterprise Linux Server 7.9 (Maipo) x86_64 3.10.0-1160.59.1.el7.x86_64 ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1127.el7.x86_64 ✔️

LSM Support

Distro Arch Kernel BPF LSM AppArmor SELinux LandLock SMACK
Fedora Linux 39 (Server Edition) arm64 6.7.7-200.fc39.aarch64 ✔️ ✔️ ✔️
Ubuntu 22.04.4 LTS x86 6.5.0-1014-gcp ✔️ ✔️ ✔️ ✔️ ✔️
Debian GNU/Linux trixie/sid powerpc 6.5.3 ✔️ ✔️ ✔️ ✔️
Arch Linux x86 6.2.1-arch1 ✔️ ✔️ ✔️ ✔️ ✔️
Container-Optimized OS from Google x86_64 6.1.85 ✔️ ✔️
Amazon Linux 2023 x86_64 6.1.19-30.43.amzn2023.x86_64 ✔️ ✔️
Debian GNU/Linux 12 (bookworm) arm64 6.1.76 ✔️ ✔️ ✔️ ✔️
Debian GNU/Linux 12 (bookworm) x86 6.1.76 ✔️ ✔️ ✔️ ✔️
CBL-Mariner/Linux x86_64 5.15.138.1 ✔️ ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 5.15.86-53.137.amzn2.x86_64 ✔️ ✔️
Fedora CoreOS 35.20211203.3.0 x86_64 5.15.6-200.fc35.x86_64 ✔️ ✔️ ✔️
Pop!_OS 21.10 x86 5.15.5-76051505-generic ✔️ ✔️ ✔️ ✔️ ✔️
Ubuntu 22.04.3 LTS x86 5.15.0-1051-azure ✔️ ✔️ ✔️ ✔️ ✔️
Oracle Linux Server 8.8 x86_64 5.15.0-103.114.4.el8uek.x86_64 ✔️ ✔️ ✔️
Oracle Linux Server 8.7 x86_64 5.15.0-6.80.3.1.el8uek.x86_64 ✔️ ✔️ ✔️
AlmaLinux 9.3 (Shamrock Pampas Cat) x86_64 5.14.0-362.18.1.el9_3.x86_64 ✔️ ✔️
Red Hat Enterprise Linux 9.2 (Plow) x86_64 5.14.0-284.11.1.el9_2.x86_64 ✔️ ✔️
Rocky Linux 9.0 (Blue Onyx) x86_64 5.14.0-70.13.1.el9_0.x86_64 ✔️ ✔️
Pop!_OS 21.04 x86 5.11.0-7633-generic ✔️ ✔️ ✔️ ✔️
Ubuntu 20.04.3 LTS x86 5.11.0-1026-gcp ✔️ ✔️ ✔️
Ubuntu 20.04.3 LTS x86_64 5.11.0-1022-aws ✔️ ✔️ ✔️
Alibaba Cloud Linux 3 (Soaring Falcon) x86 5.10.134-16.1.al8.x86_64 ✔️ ✔️
Container-Optimized OS from Google x86_64 5.10.90 ✔️ ✔️
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) x86 5.10.84-flatcar ✔️ ✔️
Amazon Linux 2022 x86_64 5.10.75-82.359.amzn2022.x86_64 ✔️ ✔️
Amazon Linux 2 x86_64 5.10.75-79.358.amzn2.x86_64 ✔️ ✔️
VMware Photon OS/Linux x86_64 5.10.61 ✔️ ✔️ ✔️
Raspbian GNU/Linux 10 (buster) arm 5.10.17 ✔️
Debian GNU/Linux 11 (bullseye) x86 5.10.209 ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 5.4.226-129.415.amzn2.x86_64 ✔️
Container-Optimized OS from Google x86_64 5.4.144 ✔️
Ubuntu 18.04.6 LTS x86_64 5.4.0-1060-aws ✔️ ✔️ ✔️
k3OS v0.21.5-k3s2r1 x86 5.4.0-88-generic ✔️ ✔️ ✔️
SUSE Linux Enterprise Server 15 SP3 x86 5.3.18 ✔️ ✔️ ✔️
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) x86 4.19.91-27.7.al7.x86_64 ✔️ ✔️
Debian GNU/Linux 10 (buster) x86 4.19.304 ✔️ ✔️
Debian GNU/Linux 10 (buster) x86 4.19.181 ✔️ ✔️
Rocky Linux 8.7 (Green Obsidian) x86_64 4.18.0-425.10.1.el8_7.x86_64 ✔️ ✔️
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) x86_64 4.18.0-372.93.1.el8_6.x86_64 ✔️ ✔️
Oracle Linux Server 8.6 x86_64 4.18.0-372.9.1.el8.x86_64 ✔️ ✔️
Red Hat Enterprise Linux 8.5 (Ootpa) x86_64 4.18.0-348.el8.x86_64 ✔️ ✔️
CentOS Linux 8 x86_64 4.18.0-348.7.1.el8_5.x86_64 ✔️ ✔️
Red Hat Enterprise Linux 8.4 (Ootpa) x86_64 4.18.0-305.el8.x86_64 ✔️
CentOS Linux 8 x86_64 4.18.0-240.1.1.el8_3.x86_64 ✔️
Red Hat Enterprise Linux 8.1 (Ootpa) x86_64 4.18.0-147.57.1.el8_1.x86_64 ✔️
Ubuntu 18.04.6 LTS x86 4.15.0-163-generic ✔️ ✔️ ✔️
Ubuntu 16.04.7 LTS x86 4.15.0-142-generic ✔️ ✔️ ✔️
Amazon Linux 2 x86_64 4.14.252-195.483.amzn2.x86_64 ✔️
RancherOS v1.5.8 x86 4.14.138 ✔️ ✔️ ✔️
SUSE Linux Enterprise Server 12 SP5 x86_64 4.12.14 ✔️ ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1160.102.1.el7.x86_64 ✔️
Red Hat Enterprise Linux Server 7.9 (Maipo) x86_64 3.10.0-1160.59.1.el7.x86_64 ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1127.el7.x86_64 ✔️

Few LSMs are not stackable. For example, AppArmor and SELinux are not stackable. If you find that support for both SELinux and AppArmor are available, then only one can be enabled at boot time.

BPF LSM is the new kid on the block. BPF LSM depends on bpf-helpers and they vary from kernel to kernel.

Seccomp Support

Distro Arch Kernel Seccomp Seccomp Filter
Fedora Linux 39 (Server Edition) arm64 6.7.7-200.fc39.aarch64 ✔️ ✔️
Ubuntu 22.04.4 LTS x86 6.5.0-1014-gcp ✔️ ✔️
Debian GNU/Linux trixie/sid powerpc 6.5.3 ✔️ ✔️
Arch Linux x86 6.2.1-arch1 ✔️ ✔️
Container-Optimized OS from Google x86_64 6.1.85 ✔️ ✔️
Amazon Linux 2023 x86_64 6.1.19-30.43.amzn2023.x86_64 ✔️ ✔️
Debian GNU/Linux 12 (bookworm) arm64 6.1.76 ✔️ ✔️
Debian GNU/Linux 12 (bookworm) x86 6.1.76 ✔️ ✔️
CBL-Mariner/Linux x86_64 5.15.138.1 ✔️ ✔️
Amazon Linux 2 x86_64 5.15.86-53.137.amzn2.x86_64 ✔️ ✔️
Fedora CoreOS 35.20211203.3.0 x86_64 5.15.6-200.fc35.x86_64 ✔️ ✔️
Pop!_OS 21.10 x86 5.15.5-76051505-generic ✔️ ✔️
Ubuntu 22.04.3 LTS x86 5.15.0-1051-azure ✔️ ✔️
Oracle Linux Server 8.8 x86_64 5.15.0-103.114.4.el8uek.x86_64 ✔️ ✔️
Oracle Linux Server 8.7 x86_64 5.15.0-6.80.3.1.el8uek.x86_64 ✔️ ✔️
AlmaLinux 9.3 (Shamrock Pampas Cat) x86_64 5.14.0-362.18.1.el9_3.x86_64 ✔️ ✔️
Red Hat Enterprise Linux 9.2 (Plow) x86_64 5.14.0-284.11.1.el9_2.x86_64 ✔️ ✔️
Rocky Linux 9.0 (Blue Onyx) x86_64 5.14.0-70.13.1.el9_0.x86_64 ✔️ ✔️
Pop!_OS 21.04 x86 5.11.0-7633-generic ✔️ ✔️
Ubuntu 20.04.3 LTS x86 5.11.0-1026-gcp ✔️ ✔️
Ubuntu 20.04.3 LTS x86_64 5.11.0-1022-aws ✔️ ✔️
Alibaba Cloud Linux 3 (Soaring Falcon) x86 5.10.134-16.1.al8.x86_64 ✔️ ✔️
Container-Optimized OS from Google x86_64 5.10.90 ✔️ ✔️
Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) x86 5.10.84-flatcar ✔️ ✔️
Amazon Linux 2022 x86_64 5.10.75-82.359.amzn2022.x86_64 ✔️ ✔️
Amazon Linux 2 x86_64 5.10.75-79.358.amzn2.x86_64 ✔️ ✔️
VMware Photon OS/Linux x86_64 5.10.61 ✔️ ✔️
Raspbian GNU/Linux 10 (buster) arm 5.10.17 ✔️ ✔️
Debian GNU/Linux 11 (bullseye) x86 5.10.209 ✔️ ✔️
Amazon Linux 2 x86_64 5.4.226-129.415.amzn2.x86_64 ✔️ ✔️
Container-Optimized OS from Google x86_64 5.4.144 ✔️ ✔️
Ubuntu 18.04.6 LTS x86_64 5.4.0-1060-aws ✔️ ✔️
k3OS v0.21.5-k3s2r1 x86 5.4.0-88-generic ✔️ ✔️
SUSE Linux Enterprise Server 15 SP3 x86 5.3.18 ✔️ ✔️
Alibaba Cloud Linux (Aliyun Linux) 2.1903 LTS (Hunting Beagle) x86 4.19.91-27.7.al7.x86_64 ✔️ ✔️
Debian GNU/Linux 10 (buster) x86 4.19.304 ✔️ ✔️
Debian GNU/Linux 10 (buster) x86 4.19.181 ✔️ ✔️
Rocky Linux 8.7 (Green Obsidian) x86_64 4.18.0-425.10.1.el8_7.x86_64 ✔️ ✔️
Red Hat Enterprise Linux CoreOS 412.86.202402272018-0 (Ootpa) x86_64 4.18.0-372.93.1.el8_6.x86_64 ✔️ ✔️
Oracle Linux Server 8.6 x86_64 4.18.0-372.9.1.el8.x86_64 ✔️ ✔️
Red Hat Enterprise Linux 8.5 (Ootpa) x86_64 4.18.0-348.el8.x86_64 ✔️ ✔️
CentOS Linux 8 x86_64 4.18.0-348.7.1.el8_5.x86_64 ✔️ ✔️
Red Hat Enterprise Linux 8.4 (Ootpa) x86_64 4.18.0-305.el8.x86_64 ✔️ ✔️
CentOS Linux 8 x86_64 4.18.0-240.1.1.el8_3.x86_64 ✔️ ✔️
Red Hat Enterprise Linux 8.1 (Ootpa) x86_64 4.18.0-147.57.1.el8_1.x86_64 ✔️ ✔️
Ubuntu 18.04.6 LTS x86 4.15.0-163-generic ✔️ ✔️
Ubuntu 16.04.7 LTS x86 4.15.0-142-generic ✔️ ✔️
Amazon Linux 2 x86_64 4.14.252-195.483.amzn2.x86_64 ✔️ ✔️
RancherOS v1.5.8 x86 4.14.138 ✔️ ✔️
SUSE Linux Enterprise Server 12 SP5 x86_64 4.12.14 ✔️ ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1160.102.1.el7.x86_64 ✔️ ✔️
Red Hat Enterprise Linux Server 7.9 (Maipo) x86_64 3.10.0-1160.59.1.el7.x86_64 ✔️ ✔️
CentOS Linux 7 (Core) x86_64 3.10.0-1127.el7.x86_64 ✔️ ✔️

Contributions welcome...

Adding a new distro

Use following command to create a Distro/Kernel specific folder with the corresponding markdowns:

curl -s https://raw.githubusercontent.com/nyrahul/linux-kernel-configs/main/lk-config-get.sh | bash -s

if curl is not available, use wget ...

wget -q -O- https://raw.githubusercontent.com/nyrahul/linux-kernel-configs/main/lk-config-get.sh  | bash -s
  1. Copy the folder to your github fork
  2. Run make
  3. Raise a PR
Adding a new composition

Composition means a set of kernel configuration options shown in the context of all the distros. "LSM Support", "Seccomp Support" are examples of the compositions.

To create a new composition:

  1. Create a new composition file. Use tools/compositions/lsm.yaml as ref.
  2. Do a make
  3. Check if the composition is reflected in the README.md
  4. Raise a PR with the changes