From: Fedora Kernel Team <[email protected]>
[redhat] New configs in security/Kconfig.hardening
Hi,
As part of the ongoing rebase effort, the following configuration
options need to be reviewed.
As a reminder, the ARK configuration flow involves moving unreviewed
configuration options from the pending directory to the ark directory.
In the diff below, options are removed from the pending directory and
added to the ark hierarchy. The final options that need to be ACKed
are the files that are being added to the ark hierarchy.
If the value for a file that is added should be changed, please reply
with a better option.
Symbol: HARDENED_USERCOPY_DEFAULT_ON [=y]
Type : bool
Defined at security/Kconfig.hardening:306
Prompt: Harden memory copies by default
Depends on: HARDENED_USERCOPY [=y]
Location:
-> Security options
-> Kernel hardening options
-> Bounds checking
-> Harden memory copies between kernel and userspace
(HARDENED_USERCOPY [=y])
-> Harden memory copies by default (HARDENED_USERCOPY_DEFAULT_ON
[=y])
Commit: d2132f453e33 (mm: security: Allow default HARDENED_USERCOPY to be set
at compile time)
---
Signed-off-by: Fedora Kernel Team <[email protected]>
diff --git
a/redhat/configs/pending-rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
b/redhat/configs/pending-rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/pending-rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
+++ /dev/null
@@ -1,16 +0,0 @@
-# Symbol: HARDENED_USERCOPY_DEFAULT_ON [=y]
-# Type : bool
-# Defined at security/Kconfig.hardening:306
-# Prompt: Harden memory copies by default
-# Depends on: HARDENED_USERCOPY [=y]
-# Location:
-# -> Security options
-# -> Kernel hardening options
-# -> Bounds checking
-# -> Harden memory copies between kernel and userspace
(HARDENED_USERCOPY [=y])
-# -> Harden memory copies by default (HARDENED_USERCOPY_DEFAULT_ON
[=y])
-#
-#
-#
-# Commit: d2132f453e33 (mm: security: Allow default HARDENED_USERCOPY to be
set at compile time)
-CONFIG_HARDENED_USERCOPY_DEFAULT_ON=y
diff --git a/redhat/configs/rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
b/redhat/configs/rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/configs/rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
@@ -0,0 +1 @@
+CONFIG_HARDENED_USERCOPY_DEFAULT_ON=y
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3751
--
_______________________________________________
kernel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
