| 1 |
Am 16.08.2017 16:46 schrieb Michael Orlitzky: |
| 2 |
> There is one thing you have to watch out for: certain vanilla kernel |
| 3 |
> hardened features were subjugated to grsecurity ones and you'll |
| 4 |
> probably |
| 5 |
> want to enable them. For example, you probably want CONFIG_VMAP_STACK |
| 6 |
> once you've switched, but it won't be enabled in your old .config |
| 7 |
> because it conflicts with GRKERNSEC_KSTACKOVERFLOW. |
| 8 |
> |
| 9 |
> (It would help to collect those options on a wiki page?) |
| 10 |
|
| 11 |
http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings |
| 12 |
|
| 13 |
That probably covers all relevant options on a vanilla kernel. |
Archives