Merge branch 'corsac/linux-hardening-options' into sid
This commit is contained in:
commit
c1ecc67a90
|
@ -284,6 +284,10 @@ linux (4.16.13-1) UNRELEASED; urgency=medium
|
||||||
* [armhf] Enable MFD_AC100 and RTC_DRV_AC100, used in allwinner A80/A83t
|
* [armhf] Enable MFD_AC100 and RTC_DRV_AC100, used in allwinner A80/A83t
|
||||||
systems.
|
systems.
|
||||||
|
|
||||||
|
[ Yves-Alexis Perez ]
|
||||||
|
* hardening: enable FORTIFY_SOURCE, disable HARDENED_USERCOPY_FALLBACK
|
||||||
|
* [x86] hardening: enable REFCOUNT_FULL
|
||||||
|
|
||||||
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 30 May 2018 08:41:30 +0200
|
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 30 May 2018 08:41:30 +0200
|
||||||
|
|
||||||
linux (4.16.12-1) unstable; urgency=medium
|
linux (4.16.12-1) unstable; urgency=medium
|
||||||
|
|
|
@ -7118,7 +7118,9 @@ CONFIG_SECURITY_NETWORK_XFRM=y
|
||||||
# CONFIG_INTEL_TXT is not set
|
# CONFIG_INTEL_TXT is not set
|
||||||
CONFIG_LSM_MMAP_MIN_ADDR=32768
|
CONFIG_LSM_MMAP_MIN_ADDR=32768
|
||||||
CONFIG_HARDENED_USERCOPY=y
|
CONFIG_HARDENED_USERCOPY=y
|
||||||
|
# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
|
||||||
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
||||||
|
CONFIG_FORTIFY_SOURCE=y
|
||||||
CONFIG_LOCK_DOWN_KERNEL=y
|
CONFIG_LOCK_DOWN_KERNEL=y
|
||||||
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
|
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
|
||||||
## choice: Default security module
|
## choice: Default security module
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
## file: arch/Kconfig
|
## file: arch/Kconfig
|
||||||
##
|
##
|
||||||
# CONFIG_OPROFILE_EVENT_MULTIPLEX is not set
|
# CONFIG_OPROFILE_EVENT_MULTIPLEX is not set
|
||||||
|
CONFIG_REFCOUNT_FULL=y
|
||||||
|
|
||||||
##
|
##
|
||||||
## file: arch/x86/Kconfig
|
## file: arch/x86/Kconfig
|
||||||
|
|
Loading…
Reference in New Issue