1 |
Am 16.08.2017 16:46 schrieb Michael Orlitzky: |
2 |
> There is one thing you have to watch out for: certain vanilla kernel |
3 |
> hardened features were subjugated to grsecurity ones and you'll |
4 |
> probably |
5 |
> want to enable them. For example, you probably want CONFIG_VMAP_STACK |
6 |
> once you've switched, but it won't be enabled in your old .config |
7 |
> because it conflicts with GRKERNSEC_KSTACKOVERFLOW. |
8 |
> |
9 |
> (It would help to collect those options on a wiki page?) |
10 |
|
11 |
http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings |
12 |
|
13 |
That probably covers all relevant options on a vanilla kernel. |