From: Alexander Popov
Date: Fri, 7 Dec 2018 09:35:21 +0000 (+0300)
Subject: Add CONFIG_LOCK_DOWN_KERNEL
X-Git-Tag: v0.5.2~70
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=57b1cb15f4137c8a35b6030464006a14c7bf7e8a;p=kconfig-hardened-check.git
Add CONFIG_LOCK_DOWN_KERNEL
---
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 791a2f8..834c40c 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -15,6 +15,7 @@
 # slab_nomerge
 # pti=on
 # kernel.kptr_restrict=1
+# lockdown=1
 import sys
 from argparse import ArgumentParser
@@ -118,6 +119,7 @@ def construct_checklist():
 checklist.append(OptCheck('SLAB_FREELIST_RANDOM', 'y', 'ubuntu18', 'self_protection'))
 checklist.append(OptCheck('HARDENED_USERCOPY', 'y', 'ubuntu18', 'self_protection'))
 checklist.append(OptCheck('FORTIFY_SOURCE', 'y', 'ubuntu18', 'self_protection'))
+ checklist.append(OptCheck('LOCK_DOWN_KERNEL', 'y', 'ubuntu18', 'self_protection')) # remember about LOCK_DOWN_MANDATORY
 checklist.append(OR(OptCheck('STRICT_MODULE_RWX', 'y', 'ubuntu18', 'self_protection'), \
 OptCheck('DEBUG_SET_MODULE_RONX', 'y', 'before_v4.11', 'self_protection'), \
 modules_not_set))
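Review bot: The trailing comment on the new `LOCK_DOWN_KERNEL` check, `# remember about LOCK_DOWN_MANDATORY`, does not say what has to be remembered, and the check as added reports success on `LOCK_DOWN_KERNEL=y` alone. Judging by the `lockdown=1` line this commit adds to the command-line list in the file header, that option seems only to make lockdown available, with enforcement depending on the boot parameter or on `LOCK_DOWN_MANDATORY=y`, so a passing result can overstate the protection. I would spell that out, e.g. `# LOCK_DOWN_KERNEL=y alone does not enforce lockdown: it also needs lockdown=1 on the command line or LOCK_DOWN_MANDATORY=y`, and consider a separate `OptCheck` for `LOCK_DOWN_MANDATORY` so the report reflects enforcement. `construct_checklist()` starts and ends outside this hunk.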