From 8eb18c0bbcc63fd1fed11acb265edd5d0de79964 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Fri, 23 Nov 2018 13:44:03 +0100
Subject: docs/linux: update recommended configs

Mention few more tricky kernel configs that cause problems.
---
 docs/linux/kernel_configs.md | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'docs/linux')

diff --git a/docs/linux/kernel_configs.md b/docs/linux/kernel_configs.md
index 2d5a9cf04..d5291fa03 100644
--- a/docs/linux/kernel_configs.md
+++ b/docs/linux/kernel_configs.md
@@ -28,14 +28,28 @@ CONFIG_KALLSYMS=y
 CONFIG_KALLSYMS_ALL=y
 ```
 
-For `namespace` sandbox:
+For better sandboxing:
 ```
 CONFIG_NAMESPACES=y
-CONFIG_USER_NS=y
 CONFIG_UTS_NS=y
 CONFIG_IPC_NS=y
 CONFIG_PID_NS=y
 CONFIG_NET_NS=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_MEMCG=y
+```
+
+For `namespace` sandbox:
+```
+CONFIG_USER_NS=y
+```
+
+For running in VMs `make kvmconfig` is generally required.
+
+Debian images produced by [tools/create-image.sh](/tools/create-image.sh) also require:
+```
+CONFIG_CONFIGFS_FS=y
+CONFIG_SECURITYFS=y
 ```
 
 It is recommended to disable the following config (and required if your kernel doesn't have commits [arm64: setup: introduce kaslr_offset()](https://github.com/torvalds/linux/commit/7ede8665f27cde7da69e8b2fbeaa1ed0664879c5)
-- 
cgit mrf-deployment