class OR(ComplexOptCheck):
# self.opts[0] is the option that this OR-check is about.
- # Use case:
+ # Use cases:
# OR(<X_is_hardened>, <X_is_disabled>)
- # OR(<X_is_hardened>, <X_is_hardened_old>)
+ # OR(<X_is_hardened>, <old_X_is_hardened>)
def check(self):
if not self.opts:
class AND(ComplexOptCheck):
# self.opts[0] is the option that this AND-check is about.
- # Use case: AND(<suboption>, <main_option>)
- # Suboption is not checked if checking of the main_option is failed.
+ # Use cases:
+ # AND(<suboption>, <main_option>)
+ # Suboption is not checked if checking of the main_option is failed.
+ # AND(<X_is_disabled>, <old_X_is_disabled>)
def check(self):
for i, opt in reversed(list(enumerate(self.opts))):
return ret
if not ret:
if hasattr(opt, 'expected'):
- self.result = 'FAIL: CONFIG_{} is needed'.format(opt.name)
+ self.result = 'FAIL: CONFIG_{} not "{}"'.format(opt.name, opt.expected)
else:
self.result = opt.result
return False
l += [OptCheck('cut_attack_surface', 'kspp', 'LEGACY_VSYSCALL_NONE', 'y')] # 'vsyscall=none'
# 'cut_attack_surface', 'grsecurity'
- l += [OptCheck('cut_attack_surface', 'grsecurity', 'X86_PTDUMP', 'is not set')]
l += [OptCheck('cut_attack_surface', 'grsecurity', 'ZSMALLOC_STAT', 'is not set')]
l += [OptCheck('cut_attack_surface', 'grsecurity', 'PAGE_OWNER', 'is not set')]
l += [OptCheck('cut_attack_surface', 'grsecurity', 'DEBUG_KMEMLEAK', 'is not set')]
l += [OptCheck('cut_attack_surface', 'grsecurity', 'DEVPORT', 'is not set')] # refers to LOCKDOWN
l += [OptCheck('cut_attack_surface', 'grsecurity', 'DEBUG_FS', 'is not set')] # refers to LOCKDOWN
l += [OptCheck('cut_attack_surface', 'grsecurity', 'NOTIFIER_ERROR_INJECTION','is not set')]
+ l += [AND(OptCheck('cut_attack_surface', 'grsecurity', 'X86_PTDUMP', 'is not set'),
+ OptCheck('cut_attack_surface', 'my', 'PTDUMP_DEBUGFS', 'is not set'))]
# 'cut_attack_surface', 'maintainer'
l += [OptCheck('cut_attack_surface', 'maintainer', 'DRM_LEGACY', 'is not set')]
projects / kconfig-hardened-check.git / blobdiff