fragments: Enable GENTOO_KERNEL_SELF_PROTECTION

This setting pulls in a set of recommended settings [1] from the Kernel Self Protection Project. We are pretty sure that we exhaustively set all these manually already, but since Gentoo upstream provides this option, make use of it too. [1] https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
author: Wolfgang Müller 2021-07-03 11:53:51 +0200
committer: Wolfgang Müller 2021-07-03 11:53:51 +0200
commit: 65f716ebdefd36cdc38bf421c981799771e1d86c (patch)
tree: 41f44749fb3481e5a527e8c56bc2cacac9693799
parent: f0cad63c23161df7b5b4447f8912d3c7fc3bdf8f (diff)
download: kernfrag-65f716ebdefd36cdc38bf421c981799771e1d86c.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/fragments/base/security b/fragments/base/security
index 0ed122f..b2ed99c 100644
--- a/fragments/base/security
+++ b/fragments/base/security
@@ -14,3 +14,6 @@ CONFIG_IO_STRICT_DEVMEM=y
 
 # Unsure about musl support/static binaries?
 CONFIG_LEGACY_VSYSCALL_NONE=y
+
+CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y
+CONFIG_GENTOO_KERNEL_SELF_PROTECTION_X86_64=y
author	Wolfgang Müller	2021-07-03 11:53:51 +0200
committer	Wolfgang Müller	2021-07-03 11:53:51 +0200
commit	65f716ebdefd36cdc38bf421c981799771e1d86c (patch)
tree	41f44749fb3481e5a527e8c56bc2cacac9693799
parent	f0cad63c23161df7b5b4447f8912d3c7fc3bdf8f (diff)
download	kernfrag-65f716ebdefd36cdc38bf421c981799771e1d86c.tar.gz