Add the comment about kernel.randomize_va_space

author Alexander Popov <alex.popov@linux.com>

Fri, 6 May 2022 22:21:00 +0000 (01:21 +0300)

committer Alexander Popov <alex.popov@linux.com>

Fri, 6 May 2022 22:21:00 +0000 (01:21 +0300)
author Alexander Popov <alex.popov@linux.com>
Fri, 6 May 2022 22:21:00 +0000 (01:21 +0300)
committer Alexander Popov <alex.popov@linux.com>
Fri, 6 May 2022 22:21:00 +0000 (01:21 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 52f505d474d027876e59188a13d08e656f919050..8daa93461f5a39d93f94261b5156a2e54df3c72c 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -58,11 +58,9 @@
  #    what about bpf_jit_enable?
  #    kernel.unprivileged_bpf_disabled=1
  #    net.core.bpf_jit_harden=2
-#
  #    vm.unprivileged_userfaultfd=0
  #        (at first, it disabled unprivileged userfaultfd,
  #         and since v5.11 it enables unprivileged userfaultfd for user-mode only)
-#
  #    dev.tty.ldisc_autoload=0
  #    fs.protected_symlinks=1
  #    fs.protected_hardlinks=1
@@ -70,6 +68,7 @@
  #    fs.protected_regular=2
  #    fs.suid_dumpable=0
  #    kernel.modules_disabled=1
+#    kernel.randomize_va_space = 2
  
  
  # pylint: disable=missing-module-docstring,missing-class-docstring,missing-function-docstring
author	Alexander Popov <alex.popov@linux.com>
	Fri, 6 May 2022 22:21:00 +0000 (01:21 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Fri, 6 May 2022 22:21:00 +0000 (01:21 +0300)