Disabling VCAP_KUNIT_TEST and BUILD_SALT doesn't look security relevant

author Alexander Popov <alex.popov@linux.com>

Mon, 19 Aug 2024 14:27:06 +0000 (17:27 +0300)

committer Alexander Popov <alex.popov@linux.com>

Mon, 19 Aug 2024 14:27:06 +0000 (17:27 +0300)
author Alexander Popov <alex.popov@linux.com>
Mon, 19 Aug 2024 14:27:06 +0000 (17:27 +0300)
committer Alexander Popov <alex.popov@linux.com>
Mon, 19 Aug 2024 14:27:06 +0000 (17:27 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index b472f5ccfeba1dc6d81aa50d9a43684058e5a9de..3ff699d44c4ef4b002465d215feb698441a3f4ea 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -393,10 +393,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
      l += [KconfigCheck('cut_attack_surface', 'grsec', 'SUNRPC_DEBUG', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'grsec', 'X86_16BIT', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'grsec', 'BLK_DEV_UBLK', 'is not set')]
-    l += [KconfigCheck('cut_attack_surface', 'grsec', 'VCAP_KUNIT_TEST', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'grsec', 'SMB_SERVER', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'grsec', 'XFS_ONLINE_SCRUB_STATS', 'is not set')]
-    l += [KconfigCheck('cut_attack_surface', 'grsec', 'BUILD_SALT', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'grsec', 'CACHESTAT_SYSCALL', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'grsec', 'PREEMPTIRQ_TRACEPOINTS', 'is not set')]
      l += [KconfigCheck('cut_attack_surface', 'grsec', 'ENABLE_DEFAULT_TRACERS', 'is not set')]
author	Alexander Popov <alex.popov@linux.com>
	Mon, 19 Aug 2024 14:27:06 +0000 (17:27 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Mon, 19 Aug 2024 14:27:06 +0000 (17:27 +0300)