From: Alexander Popov
Date: Wed, 20 Jun 2018 21:09:12 +0000 (+0300)
Subject: Disable only CONFIG_USER_NS, not whole CONFIG_NAMESPACES
X-Git-Tag: v0.5.2~99
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=b6ee2f57efa850213540ed0173e5eab2442a6e60;p=kconfig-hardened-check.git

Disable only CONFIG_USER_NS, not whole CONFIG_NAMESPACES

Thanks to @Bernhard40 for the correction

Signed-off-by: Alexander Popov
---
diff --git a/README.md b/README.md
index 8c1af9b..b87801e 100644
--- a/README.md
+++ b/README.md
@@ -95,7 +95,7 @@ Usage: ./kconfig-hardened-check.py [-p | -c ]
 CONFIG_MODIFY_LDT_SYSCALL | is not set | kspp | cut_attack_surface || FAIL: "y"
 CONFIG_KEXEC_FILE | is not set | my | cut_attack_surface || FAIL: "y"
 CONFIG_LIVEPATCH | is not set | my | cut_attack_surface || FAIL: "y"
- CONFIG_NAMESPACES | is not set | my | cut_attack_surface || FAIL: "y"
+ CONFIG_USER_NS | is not set | my | cut_attack_surface || FAIL: "y"
 CONFIG_IP_DCCP | is not set | my | cut_attack_surface || FAIL: "m"
 CONFIG_FTRACE | is not set | my | cut_attack_surface || FAIL: "y"
 CONFIG_KPROBES | is not set | my | cut_attack_surface || FAIL: "y"
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index a3612dc..a63df18 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -94,7 +94,7 @@ def construct_opt_list():
 opt_list.append([Opt('MODIFY_LDT_SYSCALL', 'is not set', 'kspp', 'cut_attack_surface'), ''])
 opt_list.append([Opt('KEXEC_FILE', 'is not set', 'my', 'cut_attack_surface'), ''])
 opt_list.append([Opt('LIVEPATCH', 'is not set', 'my', 'cut_attack_surface'), ''])
- opt_list.append([Opt('NAMESPACES', 'is not set', 'my', 'cut_attack_surface'), '']) # user.max_user_namespaces=0
+ opt_list.append([Opt('USER_NS', 'is not set', 'my', 'cut_attack_surface'), '']) # user.max_user_namespaces=0
 opt_list.append([Opt('IP_DCCP', 'is not set', 'my', 'cut_attack_surface'), ''])
 opt_list.append([Opt('FTRACE', 'is not set', 'my', 'cut_attack_surface'), ''])
 opt_list.append([Opt('KPROBES', 'is not set', 'my', 'cut_attack_surface'), ''])
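Review bot: The trailing comment `# user.max_user_namespaces=0` on the new `USER_NS` line does not say what the sysctl has to do with the check, so a reader cannot tell whether it is an equivalent setting, a fallback or a to-do. It presumably names the runtime alternative for kernels that must keep `CONFIG_USER_NS=y` (for example for sandboxing or unprivileged containers). If so, the comment should say it, e.g. `# if USER_NS must stay enabled, set sysctl user.max_user_namespaces=0 at runtime instead`. As far as the visible lines show, the check compares only the config value and will report FAIL on such a kernel even when the sysctl is applied, which is worth stating in the comment or in the README table. `construct_opt_list()` begins and ends outside this hunk, so how the other entries document runtime mitigations is not visible here.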