From 303573e55b87ce142a89d48c0a4d2694cf37cae7 Mon Sep 17 00:00:00 2001
From: Alexander Popov
Date: Sun, 17 Dec 2023 02:11:53 +0300
Subject: [PATCH] Add the SECURITY_SELINUX_DEBUG check
---
 kernel_hardening_checker/checks.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 7c3d033..69a9fd9 100644
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -246,6 +246,7 @@ def add_kconfig_checks(l, arch):
 l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_LOCKDOWN_LSM_EARLY', 'y')]
 l += [KconfigCheck('security_policy', 'kspp', 'LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY', 'y')]
 l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_WRITABLE_HOOKS', 'is not set')] # refers to SECURITY_SELINUX_DISABLE
+ l += [KconfigCheck('security_policy', 'my', 'SECURITY_SELINUX_DEBUG', 'is not set')]
 l += [OR(KconfigCheck('security_policy', 'my', 'SECURITY_SELINUX', 'y'),
 KconfigCheck('security_policy', 'my', 'SECURITY_APPARMOR', 'y'),
 KconfigCheck('security_policy', 'my', 'SECURITY_SMACK', 'y'),
-- 
2.31.1
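Review bot: The added `SECURITY_SELINUX_DEBUG` line carries no rationale, unlike the `SECURITY_WRITABLE_HOOKS` line just above it, which is annotated with what it refers to. A short trailing comment would tell a reader why a 'my'-sourced check wants the option off, e.g. `# SELinux developer debugging code, not meant for production kernels` (wording to be confirmed against the option's Kconfig help text). The check is unconditional, so it is presumably expected to pass on kernels built without SELinux where the symbol is absent; it is worth confirming that 'is not set' treats a missing symbol as OK. `add_kconfig_checks` starts before this hunk, and the `OR(...)` expression after the new line continues past its end.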