Add the norandmaps check

author Alexander Popov <alex.popov@linux.com>

Sat, 22 Apr 2023 15:03:15 +0000 (18:03 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sat, 22 Apr 2023 15:06:35 +0000 (18:06 +0300)
author Alexander Popov <alex.popov@linux.com>
Sat, 22 Apr 2023 15:03:15 +0000 (18:03 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sat, 22 Apr 2023 15:06:35 +0000 (18:06 +0300)
diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py

index ff1ce79907724c55d1c2da8cdb80ef5cf203d79a..e8e89b9898813c901add423ab0fb253ecde094d3 100644 (file)
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -545,6 +545,9 @@ def add_cmdline_checks(l, arch):
      # 'cut_attack_surface', 'my'
      l += [CmdlineCheck('cut_attack_surface', 'my', 'sysrq_always_enabled', 'is not set')]
  
+    # 'harden_userspace'
+    l += [CmdlineCheck('harden_userspace', 'defconfig', 'norandmaps', 'is not set')]
+
  
  no_kstrtobool_options = [
      'debugfs', # See debugfs_kernel() in fs/debugfs/inode.c
author	Alexander Popov <alex.popov@linux.com>
	Sat, 22 Apr 2023 15:03:15 +0000 (18:03 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sat, 22 Apr 2023 15:06:35 +0000 (18:06 +0300)