9c12812735
Some major changes: * the charm has been rebased (from a Python perspective) to be rooted in the charm directory. This is a single root. * Imports have been changed so that the don't add lots of imports to the namespace of the module doing the import. * The code that used to run at module import time has been made lazy such that it only has to run if the relevant functions are called. This includes restart_on_change parameters, the harden function and the parameters to the guard_map. Appropriate changes will be submitted to charm-helpers. * Several tests had to be re-written as (incorrect) mocking meant that text fixtures didn't actually match what the code was doing. Thus, the tests were meaningless. * This has had a net positive impact on the unit tests wrt to importing modules and mocking. Change-Id: Id07d9d1caaa9b29453a63c2e49ba831071e9457f
117 lines
1.7 KiB
Plaintext
117 lines
1.7 KiB
Plaintext
###############################################################################
|
|
# WARNING: This configuration file is maintained by Juju. Local changes may
|
|
# be overwritten.
|
|
###############################################################################
|
|
# /etc/modules: kernel modules to load at boot time.
|
|
#
|
|
# This file contains the names of kernel modules that should be loaded
|
|
# at boot time, one per line. Lines beginning with "#" are ignored.
|
|
# Parameters can be specified after the module name.
|
|
|
|
# Arch
|
|
# ----
|
|
#
|
|
# Modules for certains builds, contains support modules and some CPU-specific optimizations.
|
|
|
|
{% if arch == "x86_64" -%}
|
|
# Optimize for x86_64 cryptographic features
|
|
twofish-x86_64-3way
|
|
twofish-x86_64
|
|
aes-x86_64
|
|
salsa20-x86_64
|
|
blowfish-x86_64
|
|
{% endif -%}
|
|
|
|
{% if cpuVendor == "intel" -%}
|
|
# Intel-specific optimizations
|
|
ghash-clmulni-intel
|
|
aesni-intel
|
|
kvm-intel
|
|
{% endif -%}
|
|
|
|
{% if cpuVendor == "amd" -%}
|
|
# AMD-specific optimizations
|
|
kvm-amd
|
|
{% endif -%}
|
|
|
|
kvm
|
|
|
|
|
|
# Crypto
|
|
# ------
|
|
|
|
# Some core modules which comprise strong cryptography.
|
|
blowfish_common
|
|
blowfish_generic
|
|
ctr
|
|
cts
|
|
lrw
|
|
lzo
|
|
rmd160
|
|
rmd256
|
|
rmd320
|
|
serpent
|
|
sha512_generic
|
|
twofish_common
|
|
twofish_generic
|
|
xts
|
|
zlib
|
|
|
|
|
|
# Drivers
|
|
# -------
|
|
|
|
# Basics
|
|
lp
|
|
rtc
|
|
loop
|
|
|
|
# Filesystems
|
|
ext2
|
|
btrfs
|
|
|
|
{% if desktop_enable -%}
|
|
# Desktop
|
|
psmouse
|
|
snd
|
|
snd_ac97_codec
|
|
snd_intel8x0
|
|
snd_page_alloc
|
|
snd_pcm
|
|
snd_timer
|
|
soundcore
|
|
usbhid
|
|
{% endif -%}
|
|
|
|
# Lib
|
|
# ---
|
|
xz
|
|
|
|
|
|
# Net
|
|
# ---
|
|
|
|
# All packets needed for netfilter rules (ie iptables, ebtables).
|
|
ip_tables
|
|
x_tables
|
|
iptable_filter
|
|
iptable_nat
|
|
|
|
# Targets
|
|
ipt_LOG
|
|
ipt_REJECT
|
|
|
|
# Modules
|
|
xt_connlimit
|
|
xt_tcpudp
|
|
xt_recent
|
|
xt_limit
|
|
xt_conntrack
|
|
nf_conntrack
|
|
nf_conntrack_ipv4
|
|
nf_defrag_ipv4
|
|
xt_state
|
|
nf_nat
|
|
|
|
# Addons
|
|
xt_pknock |