projects
/
kconfig-hardened-check.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add a check to `_open`
[kconfig-hardened-check.git]
/
kernel_hardening_checker
/
config_files
/
kspp-recommendations
/
kspp-cmdline-x86-64.txt
diff --git
a/kernel_hardening_checker/config_files/kspp-recommendations/kspp-cmdline-x86-64.txt
b/kernel_hardening_checker/config_files/kspp-recommendations/kspp-cmdline-x86-64.txt
index f23733e677fd4214ca8c96370dea9c5878c6a393..e053b2db0bb77c303aac81d811fd127ee0aef21d 100644
(file)
--- a/
kernel_hardening_checker/config_files/kspp-recommendations/kspp-cmdline-x86-64.txt
+++ b/
kernel_hardening_checker/config_files/kspp-recommendations/kspp-cmdline-x86-64.txt
@@
-1
+1
@@
-init_on_alloc=1 init_on_free=1 randomize_kstack_offset=on slab_nomerge pti=on nosmt slub_debug=ZF slub_debug=P page_poison=1 iommu.passthrough=0 iommu.strict=1 vsyscall=none
+hardened_usercopy=1 init_on_alloc=1 init_on_free=1 randomize_kstack_offset=on page_alloc.shuffle=1 slab_nomerge pti=on nosmt slub_debug=ZF slub_debug=P page_poison=1 iommu.passthrough=0 iommu.strict=1 mitigations=auto,nosmt vsyscall=none vdso32=0