Don't add options without explicitly recommended values to Kconfig fragments

author Alexander Popov <alex.popov@linux.com>

Sun, 14 Jan 2024 14:31:50 +0000 (17:31 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 14 Jan 2024 14:31:50 +0000 (17:31 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 14 Jan 2024 14:31:50 +0000 (17:31 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 14 Jan 2024 14:31:50 +0000 (17:31 +0300)
diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py

index 7cd3957565b9f14b9e1e35a735d9fa12263c4825..a27e377e8807563f9c9b1e9b507d88fdb39a9d69 100644 (file)
--- a/kernel_hardening_checker/__init__.py
+++ b/kernel_hardening_checker/__init__.py
@@ -405,6 +405,8 @@ def main():
          for opt in config_checklist:
              if opt.name == 'CONFIG_ARCH_MMAP_RND_BITS':
                  continue # don't add CONFIG_ARCH_MMAP_RND_BITS because its value needs refinement
+            if opt.expected == 'is not off':
+                continue # don't add Kconfig options without explicitly recommended values
              if opt.expected == 'is not set':
                  print(f'# {opt.name} is not set')
              else:
author	Alexander Popov <alex.popov@linux.com>
	Sun, 14 Jan 2024 14:31:50 +0000 (17:31 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 14 Jan 2024 14:31:50 +0000 (17:31 +0300)