Add the MODULE_FORCE_LOAD check

author Alexander Popov <alex.popov@linux.com>

Sat, 9 Dec 2023 05:47:55 +0000 (08:47 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sat, 9 Dec 2023 05:47:55 +0000 (08:47 +0300)
author Alexander Popov <alex.popov@linux.com>
Sat, 9 Dec 2023 05:47:55 +0000 (08:47 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sat, 9 Dec 2023 05:47:55 +0000 (08:47 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index 5daf88911c000bfb815c2f1b61937dbfb0262d28..9dacb51be97c614a8ecec22128b59033702043d8 100644 (file)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -378,6 +378,7 @@ def add_kconfig_checks(l, arch):
      l += [KconfigCheck('cut_attack_surface', 'my', 'XFS_SUPPORT_V4', 'is not set')]
      l += [OR(KconfigCheck('cut_attack_surface', 'my', 'TRIM_UNUSED_KSYMS', 'y'),
               modules_not_set)]
+    l += [KconfigCheck('cut_attack_surface', 'my', 'MODULE_FORCE_LOAD', 'is not set')]
  
      # 'harden_userspace'
      if arch == 'ARM64':
author	Alexander Popov <alex.popov@linux.com>
	Sat, 9 Dec 2023 05:47:55 +0000 (08:47 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sat, 9 Dec 2023 05:47:55 +0000 (08:47 +0300)