projects / kconfig-hardened-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't add options without explicitly recommended values to Kconfig fragments
[kconfig-hardened-check.git] / kernel_hardening_checker / __init__.py
diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py
index 7cd3957565b9f14b9e1e35a735d9fa12263c4825..a27e377e8807563f9c9b1e9b507d88fdb39a9d69 100644 (file)
--- a/kernel_hardening_checker/__init__.py
+++ b/kernel_hardening_checker/__init__.py
@@ -405,6 +405,8 @@ def main():
         for opt in config_checklist:
             if opt.name == 'CONFIG_ARCH_MMAP_RND_BITS':
                 continue # don't add CONFIG_ARCH_MMAP_RND_BITS because its value needs refinement
+            if opt.expected == 'is not off':
+                continue # don't add Kconfig options without explicitly recommended values
             if opt.expected == 'is not set':
                 print(f'# {opt.name} is not set')
             else:
kconfig-hardened-check