Add the SECCOMP_CACHE_DEBUG check

author Alexander Popov <alex.popov@linux.com>

Sat, 12 Oct 2024 21:12:11 +0000 (00:12 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sat, 12 Oct 2024 21:12:11 +0000 (00:12 +0300)
author Alexander Popov <alex.popov@linux.com>
Sat, 12 Oct 2024 21:12:11 +0000 (00:12 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sat, 12 Oct 2024 21:12:11 +0000 (00:12 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index ee6555559f26390823e9f31fb3fe71e96a228b8c..246190ad8b56b2aeda023f0d0318358875a5208e 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -458,6 +458,7 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
      l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'FAULT_INJECTION', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'ARM_PTDUMP_DEBUGFS', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'ARM_PTDUMP', 'is not set')] # the old name of ARM_PTDUMP_DEBUGFS
+    l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'SECCOMP_CACHE_DEBUG', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'LKDTM', 'is not set')]
                                              # dangerous, only for debugging the kernel hardening features!
      l += [OR(KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'TRIM_UNUSED_KSYMS', 'y'),
author	Alexander Popov <alex.popov@linux.com>
	Sat, 12 Oct 2024 21:12:11 +0000 (00:12 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sat, 12 Oct 2024 21:12:11 +0000 (00:12 +0300)