From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 22 Apr 2023 15:03:15 +0000 (+0300)
Subject: Add the norandmaps check
X-Git-Tag: v0.6.6~172
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=a6732ba512e963eba7ab3f8af494508a49c92613;p=kconfig-hardened-check.git

Add the norandmaps check

Thanks to @izh1979 for the idea
---

diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py
index ff1ce79..e8e89b9 100644
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -545,6 +545,9 @@ def add_cmdline_checks(l, arch):
     # 'cut_attack_surface', 'my'
     l += [CmdlineCheck('cut_attack_surface', 'my', 'sysrq_always_enabled', 'is not set')]
 
+    # 'harden_userspace'
+    l += [CmdlineCheck('harden_userspace', 'defconfig', 'norandmaps', 'is not set')]
+
 
 no_kstrtobool_options = [
     'debugfs', # See debugfs_kernel() in fs/debugfs/inode.c