| Commit message (Collapse) | Author | Age | Lines |
|---|
| |
|
|
|
| |
This option is now needed for Kernel Self Protection system to be
available.
|
| |
|
|
| |
This option no longer exists in versions >= 5.18.7.
|
| |
|
|
|
| |
This should be safe to have enabled (but unused) and gives us an extra
layer of potential mitigation of SMT side channels.
|
| | |
|
| |
|
|
|
|
| |
The Gentoo KSP recommendations have changed slightly again, now
requiring three different settings instead of just one. Additionally, in
order to enable KSP at all, CONFIG_MODIFY_LDT_SYSCALL needs to be unset.
|
| |
|
|
|
|
| |
An upcoming commit updates to the latest KSP recommendations and
requires this particular setting as a direct dependency for
CONFIG_SECURITY_YAMA.
|
| |
|
|
|
|
| |
The newer versions of sys-kernel/gentoo-sources do not have this switch
anymore, instead relying only on the architecture-specific switches.
Remove it.
|
| |
|
|
|
|
|
|
|
| |
This setting pulls in a set of recommended settings [1] from the Kernel
Self Protection Project. We are pretty sure that we exhaustively set all
these manually already, but since Gentoo upstream provides this option,
make use of it too.
[1] https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
|
| |
|
|
|
| |
These options have either been merged into others or enabled
unconditionally.
|
| | |
|
| |
|
