projects
/
kconfig-hardened-check.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
8be2995
)
Don't recommend any particular LSM to avoid the holy war
author
Alexander Popov
<alex.popov@linux.com>
Mon, 3 Jun 2019 17:03:58 +0000
(20:03 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Mon, 3 Jun 2019 17:03:58 +0000
(20:03 +0300)
kconfig-hardened-check.py
patch
|
blob
|
history
diff --git
a/kconfig-hardened-check.py
b/kconfig-hardened-check.py
index 562dd92ca0b7e760b31819a282e40b8024edf1ec..c2d35c17ea792b8a1dfd122cc1daa8eb145a67e9 100755
(executable)
--- a/
kconfig-hardened-check.py
+++ b/
kconfig-hardened-check.py
@@
-258,11
+258,10
@@
def construct_checklist(arch):
checklist.append(OptCheck('STACKPROTECTOR_PER_TASK', 'y', 'my', 'self_protection'))
if debug_mode or arch == 'X86_64' or arch == 'ARM64' or arch == 'X86_32':
checklist.append(OptCheck('STACKPROTECTOR_PER_TASK', 'y', 'my', 'self_protection'))
if debug_mode or arch == 'X86_64' or arch == 'ARM64' or arch == 'X86_32':
- checklist.append(OptCheck('SECURITY', 'y', 'defconfig', 'security_policy'))
+ checklist.append(OptCheck('SECURITY', 'y', 'defconfig', 'security_policy'))
# and choose your favourite LSM
if debug_mode or arch == 'ARM':
if debug_mode or arch == 'ARM':
- checklist.append(OptCheck('SECURITY', 'y', 'kspp', 'security_policy'))
+ checklist.append(OptCheck('SECURITY', 'y', 'kspp', 'security_policy'))
# and choose your favourite LSM
checklist.append(OptCheck('SECURITY_YAMA', 'y', 'kspp', 'security_policy'))
checklist.append(OptCheck('SECURITY_YAMA', 'y', 'kspp', 'security_policy'))
- checklist.append(OptCheck('SECURITY_SELINUX_DISABLE', 'is not set', 'kspp', 'security_policy'))
checklist.append(OptCheck('SECCOMP', 'y', 'defconfig', 'cut_attack_surface'))
checklist.append(OptCheck('SECCOMP_FILTER', 'y', 'defconfig', 'cut_attack_surface'))
checklist.append(OptCheck('SECCOMP', 'y', 'defconfig', 'cut_attack_surface'))
checklist.append(OptCheck('SECCOMP_FILTER', 'y', 'defconfig', 'cut_attack_surface'))