From 9538b5f99dccbd78a9c334d2c430723da9d60d16 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 31 Dec 2019 18:15:55 +0000 Subject: sys-kernel/linux-{image,sources}-redcore : relax some hardening --- sys-kernel/linux-image-redcore/files/5.4-amd64.config | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) (limited to 'sys-kernel/linux-image-redcore/files') diff --git a/sys-kernel/linux-image-redcore/files/5.4-amd64.config b/sys-kernel/linux-image-redcore/files/5.4-amd64.config index 123bf569..a9fab76a 100644 --- a/sys-kernel/linux-image-redcore/files/5.4-amd64.config +++ b/sys-kernel/linux-image-redcore/files/5.4-amd64.config @@ -9185,24 +9185,19 @@ CONFIG_LSM="apparmor" # # Kernel hardening options # -CONFIG_GCC_PLUGIN_STRUCTLEAK=y # # Memory initialization # -# CONFIG_INIT_STACK_NONE is not set +CONFIG_INIT_STACK_NONE=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set -CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y -# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set -CONFIG_GCC_PLUGIN_STACKLEAK=y -CONFIG_STACKLEAK_TRACK_MIN_SIZE=100 -CONFIG_STACKLEAK_METRICS=y -CONFIG_STACKLEAK_RUNTIME_DISABLE=y -CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y -CONFIG_INIT_ON_FREE_DEFAULT_ON=y -CONFIG_PAGE_SANITIZE_VERIFY=y -CONFIG_SLAB_SANITIZE_VERIFY=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +# CONFIG_PAGE_SANITIZE_VERIFY is not set +# CONFIG_SLAB_SANITIZE_VERIFY is not set # end of Memory initialization # end of Kernel hardening options # end of Security options -- cgit v1.2.3