X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig-hardened-check.py;h=2448717ae047c5e6aa3e9b0c5f7dbcbfa8bdf94c;hb=5c67369249f22690efe4c96c54ef6b0bd0496c13;hp=f9f412ec0dfd3def104b258350e99341c75ed771;hpb=14e30b6913c393d4aa0ed5c70e9905ccdf5f1073;p=kconfig-hardened-check.git

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index f9f412e..2448717 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -301,11 +301,13 @@ def construct_checklist(checklist, arch):
         checklist.append(OptCheck('SECURITY',                               'y', 'defconfig', 'security_policy')) # and choose your favourite LSM
     if debug_mode or arch == 'ARM':
         checklist.append(OptCheck('SECURITY',                               'y', 'kspp', 'security_policy')) # and choose your favourite LSM
+    checklist.append(OptCheck('SECURITY_WRITABLE_HOOKS',                'is not set', 'defconfig', 'security_policy'))
     checklist.append(OptCheck('SECURITY_YAMA',                          'y', 'kspp', 'security_policy'))
     checklist.append(OptCheck('SECURITY_LOADPIN',                       'y', 'my', 'security_policy')) # needs userspace support
     checklist.append(OptCheck('SECURITY_LOCKDOWN_LSM',                  'y', 'my', 'security_policy'))
     checklist.append(OptCheck('SECURITY_LOCKDOWN_LSM_EARLY',            'y', 'my', 'security_policy'))
     checklist.append(OptCheck('LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY', 'y', 'my', 'security_policy'))
+    checklist.append(OptCheck('SECURITY_SAFESETID',                     'y', 'my', 'security_policy'))
 
     checklist.append(OptCheck('SECCOMP',              'y', 'defconfig', 'cut_attack_surface'))
     checklist.append(OptCheck('SECCOMP_FILTER',       'y', 'defconfig', 'cut_attack_surface'))