From a6732ba512e963eba7ab3f8af494508a49c92613 Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 22 Apr 2023 18:03:15 +0300
Subject: [PATCH] Add the norandmaps check

Thanks to @izh1979 for the idea
---
 kconfig_hardened_check/checks.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py
index ff1ce79..e8e89b9 100644
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -545,6 +545,9 @@ def add_cmdline_checks(l, arch):
     # 'cut_attack_surface', 'my'
     l += [CmdlineCheck('cut_attack_surface', 'my', 'sysrq_always_enabled', 'is not set')]
 
+    # 'harden_userspace'
+    l += [CmdlineCheck('harden_userspace', 'defconfig', 'norandmaps', 'is not set')]
+
 
 no_kstrtobool_options = [
     'debugfs', # See debugfs_kernel() in fs/debugfs/inode.c
-- 
2.31.1