From: Alexander Popov Date: Sun, 27 Mar 2022 20:03:02 +0000 (+0300) Subject: Add cmdline checks to '--print' X-Git-Tag: v0.6.1~158^2~9 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=5fbc06faf9bf8703a408e8b91717a9ba3f5aabf8;p=kconfig-hardened-check.git Add cmdline checks to '--print' --- diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 17bf7be..7324a9e 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -656,6 +656,14 @@ def add_kconfig_checks(l, arch): # l += [KconfigCheck('feature_test', 'my', 'LKDTM', 'm')] # only for debugging! +def add_cmdline_checks(l, arch): + # Calling the CmdlineCheck class constructor: + # CmdlineCheck(reason, decision, name, expected) + + l += [CmdlineCheck('self_protection', 'kspp', 'randomize_kstack_offset', 'on')] + # TODO: add other + + def print_unknown_options(checklist, parsed_options): known_options = [] @@ -861,6 +869,7 @@ def main(): sys.exit('[!] ERROR: wrong mode "{}" for --print'.format(mode)) arch = args.print add_kconfig_checks(config_checklist, arch) + add_cmdline_checks(config_checklist, arch) if mode != 'json': print('[+] Printing kernel security hardening preferences for {}...'.format(arch)) print_checklist(mode, config_checklist, False)