[arm*,powerpc*,s390x,sparc64,x86] Enable HARDENED_USERCOPY

This enables HARDENED_USERCOPY in the top-level config rather than per-architecture, but it depends on a feature not yet implemented for all architectures.
2016-10-05 22:04:38 +01:00 · 2016-10-05 22:04:38 +01:00 · 357c2335a5
parent 5ef50c5719
commit 357c2335a5
2 changed files with 3 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -12,6 +12,7 @@ linux (4.8-1~exp1) UNRELEASED; urgency=medium
    iomem=relaxed
  * [mips*] Enable RANDOMIZE_BASE
  * Enable SLAB_FREELIST_RANDOM
+  * [arm*,powerpc*,s390x,sparc64,x86] Enable HARDENED_USERCOPY

 -- Ben Hutchings <ben@decadent.org.uk>  Sat, 01 Oct 2016 21:51:33 +0100

--- a/debian/config/config
+++ b/debian/config/config
@ -6656,6 +6656,8 @@ CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_SECURELEVEL=y
 # CONFIG_INTEL_TXT is not set
 CONFIG_LSM_MMAP_MIN_ADDR=32768
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 ## choice: Default security module
 CONFIG_DEFAULT_SECURITY_DAC=y
 ## end choice