SECURITY_WRITABLE_HOOKS is not disabled by default
authorAlexander Popov <alex.popov@linux.com>
Wed, 4 Mar 2020 12:29:34 +0000 (15:29 +0300)
committerAlexander Popov <alex.popov@linux.com>
Wed, 4 Mar 2020 12:29:34 +0000 (15:29 +0300)
kconfig-hardened-check.py

index a1a8de2485c4de8676df5eb40071212ff2c113c6..95a5edfca633132eeb3a8659362aee111da689ff 100755 (executable)
@@ -296,13 +296,13 @@ def construct_checklist(checklist, arch):
         checklist.append(OptCheck('SECURITY',                               'y', 'defconfig', 'security_policy')) # and choose your favourite LSM
     if debug_mode or arch == 'ARM':
         checklist.append(OptCheck('SECURITY',                               'y', 'kspp', 'security_policy')) # and choose your favourite LSM
-    checklist.append(OptCheck('SECURITY_WRITABLE_HOOKS',                'is not set', 'defconfig', 'security_policy'))
     checklist.append(OptCheck('SECURITY_YAMA',                          'y', 'kspp', 'security_policy'))
     checklist.append(OptCheck('SECURITY_LOADPIN',                       'y', 'my', 'security_policy')) # needs userspace support
     checklist.append(OptCheck('SECURITY_LOCKDOWN_LSM',                  'y', 'my', 'security_policy'))
     checklist.append(OptCheck('SECURITY_LOCKDOWN_LSM_EARLY',            'y', 'my', 'security_policy'))
     checklist.append(OptCheck('LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY', 'y', 'my', 'security_policy'))
     checklist.append(OptCheck('SECURITY_SAFESETID',                     'y', 'my', 'security_policy'))
+    checklist.append(OptCheck('SECURITY_WRITABLE_HOOKS',                'is not set', 'my', 'security_policy'))
 
     checklist.append(OptCheck('SECCOMP',              'y', 'defconfig', 'cut_attack_surface'))
     checklist.append(OptCheck('SECCOMP_FILTER',       'y', 'defconfig', 'cut_attack_surface'))