- checklist.append(OptCheck('ACPI_CUSTOM_METHOD', 'is not set', 'ubuntu18', 'cut_attack_surface')) # refers to LOCK_DOWN_KERNEL
- checklist.append(OptCheck('COMPAT_BRK', 'is not set', 'ubuntu18', 'cut_attack_surface'))
- checklist.append(OptCheck('DEVKMEM', 'is not set', 'ubuntu18', 'cut_attack_surface'))
- checklist.append(OptCheck('COMPAT_VDSO', 'is not set', 'ubuntu18', 'cut_attack_surface'))
+ checklist.append(OR(OptCheck('IO_STRICT_DEVMEM', 'y', 'kspp', 'cut_attack_surface'), \
+ devmem_not_set)) # refers to LOCK_DOWN_KERNEL
+ checklist.append(OptCheck('LEGACY_VSYSCALL_NONE', 'y', 'kspp', 'cut_attack_surface')) # 'vsyscall=none'
+ checklist.append(OptCheck('ACPI_CUSTOM_METHOD', 'is not set', 'kspp', 'cut_attack_surface')) # refers to LOCK_DOWN_KERNEL
+ checklist.append(OptCheck('COMPAT_BRK', 'is not set', 'kspp', 'cut_attack_surface'))
+ checklist.append(OptCheck('DEVKMEM', 'is not set', 'kspp', 'cut_attack_surface'))
+ checklist.append(OptCheck('COMPAT_VDSO', 'is not set', 'kspp', 'cut_attack_surface'))