| 1 |
commit: 042e689970b1b2d89ad38c3cfe339065b5caa397 |
| 2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Jun 8 20:07:11 2021 +0000 |
| 4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Jun 8 20:07:11 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=042e6899 |
| 7 |
|
| 8 |
Updates from gyakovlev |
| 9 |
|
| 10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
| 11 |
|
| 12 |
4567_distro-Gentoo-Kconfig.patch | 20 ++++++++++---------- |
| 13 |
1 file changed, 10 insertions(+), 10 deletions(-) |
| 14 |
|
| 15 |
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch |
| 16 |
index 9a7a02d..56adbbd 100644 |
| 17 |
--- a/4567_distro-Gentoo-Kconfig.patch |
| 18 |
+++ b/4567_distro-Gentoo-Kconfig.patch |
| 19 |
@@ -170,16 +170,16 @@ |
| 20 |
+ visible if GENTOO_LINUX |
| 21 |
+ |
| 22 |
+config GENTOO_KERNEL_SELF_PROTECTION |
| 23 |
-+ bool "Architecture Independant Kernel Self Protection Project Recommendations" |
| 24 |
++ bool "Architecture Independent Kernel Self Protection Project Recommendations" |
| 25 |
+ |
| 26 |
+ help |
| 27 |
-+ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project |
| 28 |
-+ See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings |
| 29 |
-+ Note, there may be additional settings for which the CONFIG_ setting is invisible in menuconfig due |
| 30 |
-+ to unmet dependencies. Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for |
| 31 |
-+ dependency information on your specific architecture. |
| 32 |
-+ Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 |
| 33 |
-+ for X86_64 |
| 34 |
++ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project |
| 35 |
++ See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings |
| 36 |
++ Note, there may be additional settings for which the CONFIG_ setting is invisible in menuconfig due |
| 37 |
++ to unmet dependencies. Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for |
| 38 |
++ dependency information on your specific architecture. |
| 39 |
++ Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 |
| 40 |
++ for X86_64 |
| 41 |
+ |
| 42 |
+ depends on GENTOO_LINUX && !HARDENED_USERCOPY_FALLBACK && !HARDENED_USERCOPY_PAGESPAN && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !SECURITY_SELINUX_DISABLE && !X86_X32 && !MODIFY_LDT_SYSCALL |
| 43 |
+ |
| 44 |
@@ -218,7 +218,7 @@ |
| 45 |
+ select FORTIFY_SOURCE |
| 46 |
+ select SECURITY_DMESG_RESTRICT |
| 47 |
+ select PANIC_ON_OOPS |
| 48 |
-+ select CONFIG_GCC_PLUGINS=y |
| 49 |
++ select CONFIG_GCC_PLUGINS |
| 50 |
+ select GCC_PLUGIN_LATENT_ENTROPY |
| 51 |
+ select GCC_PLUGIN_STRUCTLEAK |
| 52 |
+ select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL |
| 53 |
@@ -237,7 +237,7 @@ |
| 54 |
+ select RANDOMIZE_BASE |
| 55 |
+ select RANDOMIZE_MEMORY |
| 56 |
+ select LEGACY_VSYSCALL_NONE |
| 57 |
-+ select PAGE_TABLE_ISOLATION |
| 58 |
++ select PAGE_TABLE_ISOLATION |
| 59 |
+ |
| 60 |
+ |
| 61 |
+config GENTOO_KERNEL_SELF_PROTECTION_ARM64 |
Archives