X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=cdb08288fa0f3ccf2b938cf88fb92462070da61f;hb=2588752f2803d58118f8d7b05ae16983cf588dc9;hp=c6c4349839f4ed4448a5f10e217d7135aedc9003;hpb=25ccc1447b06923ee7a04e8808087fba17fa2405;p=kconfig-hardened-check.git diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index c6c4349..cdb0828 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -20,7 +20,7 @@ import re import json from .__about__ import __version__ from .checks import add_kconfig_checks, add_cmdline_checks, normalize_cmdline_options -from .engine import populate_with_data, perform_checks +from .engine import populate_with_data, perform_checks, override_expected_value def _open(file: str, *args, **kwargs): @@ -213,7 +213,7 @@ def main(): parser.add_argument('-p', '--print', choices=supported_archs, help='print security hardening preferences for the selected architecture') parser.add_argument('-c', '--config', - help='check the kernel kconfig file against these preferences') + help='check the kernel kconfig file against these preferences (also supports *.gz files)') parser.add_argument('-l', '--cmdline', help='check the kernel cmdline file against these preferences') parser.add_argument('-m', '--mode', choices=report_modes, @@ -277,6 +277,11 @@ def main(): parse_cmdline_file(parsed_cmdline_options, args.cmdline) populate_with_data(config_checklist, parsed_cmdline_options, 'cmdline') + # hackish refinement of the CONFIG_ARCH_MMAP_RND_BITS check + mmap_rnd_bits_max = parsed_kconfig_options.get('CONFIG_ARCH_MMAP_RND_BITS_MAX', None) + if mmap_rnd_bits_max: + override_expected_value(config_checklist, 'CONFIG_ARCH_MMAP_RND_BITS', mmap_rnd_bits_max) + # now everything is ready, perform the checks perform_checks(config_checklist)