From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 19 Jun 2021 11:49:03 +0000 (+0300)
Subject: Think about kptr_restrict later (KSPP recommends to set it to 1)
X-Git-Tag: v0.5.10~7
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=a486a6405f078d1611ec5e4af980bbe13f94c804;p=kconfig-hardened-check.git

Think about kptr_restrict later (KSPP recommends to set it to 1)
---

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 563091c..42d3eeb 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -35,7 +35,7 @@
 #           ssbd=force-on
 #
 # N.B. Hardening sysctls:
-#    kernel.kptr_restrict=2
+#    kernel.kptr_restrict=2 (or 1?)
 #    kernel.dmesg_restrict=1
 #    kernel.perf_event_paranoid=3
 #    kernel.kexec_load_disabled=1