• Kprobes
    • Optimize very unlikely/likely branches
      [ ] Static key selftest
      [ ] Static call selftest
    • Enable seccomp to safely execute untrusted bytecode
      [ ] Show seccomp filter cache status in /proc/pid/seccomp_cache
      [ ] Stack Protector buffer overflow detection
      [ ] Strong Stack Protector
      Link Time Optimization (LTO) (None) --->
      [ ] Provide system calls for 32-bit time_t
      [ ] Use a virtually-mapped stack

    • Support for randomizing kernel stack offset on syscall entry
      [ ] Default state of kernel stack offset randomization
      [ ] Locking event counts collection
      GCOV-based kernel profiling --->

      Enable gcov-based kernel profiling

      [ ] GCC plugins --->

      Generate some entropy during boot and runtime