fragments: Update to latest KSP recommendations

The Gentoo KSP recommendations have changed slightly again, now requiring three different settings instead of just one. Additionally, in order to enable KSP at all, CONFIG_MODIFY_LDT_SYSCALL needs to be unset.
author: Wolfgang Müller 2021-08-13 12:02:26 +0200
committer: Wolfgang Müller 2021-08-13 12:02:26 +0200
commit: c5de1eea42ce1cb69b7758075cb1c02d17efd812 (patch)
tree: a5bbb1caf04130b2a6127b6565a51c7653de6e37 /fragments
parent: beca23fc675ee811c2c6191093b331cf2bbd549d (diff)
download: kernfrag-c5de1eea42ce1cb69b7758075cb1c02d17efd812.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/fragments/base/security b/fragments/base/security
index af71cb1..2298445 100644
--- a/fragments/base/security
+++ b/fragments/base/security
@@ -17,4 +17,9 @@ CONFIG_IO_STRICT_DEVMEM=y
 # Unsure about musl support/static binaries?
 CONFIG_LEGACY_VSYSCALL_NONE=y
 
+# Needed for SELF_PROTECTION
+# CONFIG_MODIFY_LDT_SYSCALL is not set
+
+CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y
+CONFIG_GENTOO_KERNEL_SELF_PROTECTION_COMMON=y
 CONFIG_GENTOO_KERNEL_SELF_PROTECTION_X86_64=y
author	Wolfgang Müller	2021-08-13 12:02:26 +0200
committer	Wolfgang Müller	2021-08-13 12:02:26 +0200
commit	c5de1eea42ce1cb69b7758075cb1c02d17efd812 (patch)
tree	a5bbb1caf04130b2a6127b6565a51c7653de6e37 /fragments
parent	beca23fc675ee811c2c6191093b331cf2bbd549d (diff)
download	kernfrag-c5de1eea42ce1cb69b7758075cb1c02d17efd812.tar.gz