On Wed., 2016-01-06 at 22:43 +0100, HacKurx wrote:
> Sincerely sorry, I haven't even looked unconfigured options into your
> kernel.
…
>
> CONFIG_GRKERNSEC_AUDIT_GROUP ok I can understand the fact of not using it.

Actually it might make sense to enable it, and document the fact that it can be disabled using the sysctl.

> CONFIG_GRKERNSEC_SYMLINKOWN why not have activated?

No good reason except that I didn't yet test a kernel with it.

>
> Ideally "CONFIG_PAX_SOFTMODE=y" should be replaced by "#
> CONFIG_PAX_SOFTMODE is not set" to ensure that PAX cannot be disabled
> in a hardened kernel (Can be possible with Kernel Parameters at
> startup.)

I'm unsure what you mean. I do want people to be able to enable pax softmode at runtime (whether by using a kernel parameter or by using the sysctl).

Regards,
--
Yves-Alexis