From: Alexander Popov <alex.popov@linux.com>
Date: Thu, 21 Jul 2022 06:27:47 +0000 (+0300)
Subject: Don't mention LKDTM
X-Git-Tag: v0.6.1~121
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=5d007e67c6db0af09c6cf5a303cfea23e4234403;p=kconfig-hardened-check.git

Don't mention LKDTM

I can't recommend disabling it, because LKDTM is used to test the kernel
hardening features.

But I cant recommend enabling it, because LKDTM contains intentional
memory corruption errors. It's not for production systems.

So let's simply drop the comment about LKDTM.
---

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 4c6353f..3daddcb 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -639,8 +639,6 @@ def add_kconfig_checks(l, arch):
     if arch in ('X86_32', 'ARM'):
         l += [KconfigCheck('harden_userspace', 'my', 'ARCH_MMAP_RND_BITS', '16')]
 
-#   l += [KconfigCheck('feature_test', 'my', 'LKDTM', 'm')] # only for debugging!
-
 
 def add_cmdline_checks(l, arch):
     # Calling the CmdlineCheck class constructor: