[arm*,powerpc*,s390x,sparc64,x86] Enable HARDENED_USERCOPY
This enables HARDENED_USERCOPY in the top-level config rather than per-architecture, but it depends on a feature not yet implemented for all architectures.
This commit is contained in:
parent
5ef50c5719
commit
357c2335a5
|
@ -12,6 +12,7 @@ linux (4.8-1~exp1) UNRELEASED; urgency=medium
|
|||
iomem=relaxed
|
||||
* [mips*] Enable RANDOMIZE_BASE
|
||||
* Enable SLAB_FREELIST_RANDOM
|
||||
* [arm*,powerpc*,s390x,sparc64,x86] Enable HARDENED_USERCOPY
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Sat, 01 Oct 2016 21:51:33 +0100
|
||||
|
||||
|
|
|
@ -6656,6 +6656,8 @@ CONFIG_SECURITY_NETWORK_XFRM=y
|
|||
CONFIG_SECURITY_SECURELEVEL=y
|
||||
# CONFIG_INTEL_TXT is not set
|
||||
CONFIG_LSM_MMAP_MIN_ADDR=32768
|
||||
CONFIG_HARDENED_USERCOPY=y
|
||||
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
||||
## choice: Default security module
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
## end choice
|
||||
|
|
Loading…
Reference in New Issue