projects / kconfig-hardened-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Think about kptr_restrict later (KSPP recommends to set it to 1)
[kconfig-hardened-check.git] / kconfig_hardened_check / __init__.py
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 563091cd77abb9727e8b647fc59847bd1245bcaa..42d3eebdab15c2dd35b865832be708cb88251048 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -35,7 +35,7 @@
 #           ssbd=force-on
 #
 # N.B. Hardening sysctls:
-#    kernel.kptr_restrict=2
+#    kernel.kptr_restrict=2 (or 1?)
 #    kernel.dmesg_restrict=1
 #    kernel.perf_event_paranoid=3
 #    kernel.kexec_load_disabled=1
kconfig-hardened-check