From: Alexander Popov
Date: Sat, 12 Oct 2024 21:12:11 +0000 (+0300)
Subject: Add the SECCOMP_CACHE_DEBUG check
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=b9b4a04910c1ced4c32335009fed98fc8aeb769a;p=kconfig-hardened-check.git
Add the SECCOMP_CACHE_DEBUG check
Thanks to @izh1979 for the idea.
---
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index ee65555..246190a 100755
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -458,6 +458,7 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
 l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'FAULT_INJECTION', 'is not set')]
 l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'ARM_PTDUMP_DEBUGFS', 'is not set')]
 l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'ARM_PTDUMP', 'is not set')] # the old name of ARM_PTDUMP_DEBUGFS
+ l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'SECCOMP_CACHE_DEBUG', 'is not set')]
 l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'LKDTM', 'is not set')] # dangerous, only for debugging the kernel hardening features!
 l += [OR(KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'TRIM_UNUSED_KSYMS', 'y'),