From 65f716ebdefd36cdc38bf421c981799771e1d86c Mon Sep 17 00:00:00 2001 From: Wolfgang Müller Date: Sat, 3 Jul 2021 11:53:51 +0200 Subject: fragments: Enable GENTOO_KERNEL_SELF_PROTECTION This setting pulls in a set of recommended settings [1] from the Kernel Self Protection Project. We are pretty sure that we exhaustively set all these manually already, but since Gentoo upstream provides this option, make use of it too. [1] https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings --- fragments/base/security | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fragments/base/security b/fragments/base/security index 0ed122f..b2ed99c 100644 --- a/fragments/base/security +++ b/fragments/base/security @@ -14,3 +14,6 @@ CONFIG_IO_STRICT_DEVMEM=y # Unsure about musl support/static binaries? CONFIG_LEGACY_VSYSCALL_NONE=y + +CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y +CONFIG_GENTOO_KERNEL_SELF_PROTECTION_X86_64=y -- cgit v1.2.3-2-gb3c3
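Review bot: CONFIG_GENTOO_KERNEL_SELF_PROTECTION_X86_64=y is added at the end of fragments/base/security, a base fragment, although the symbol name is architecture-specific. If this fragment is also applied to non-x86_64 builds, move that line to an architecture-specific fragment and keep only CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y here. The two new lines also carry no comment, unlike the CONFIG_LEGACY_VSYSCALL_NONE entry just above them. A one-line comment saying this is the Gentoo-provided option that pulls in the KSPP recommended settings, with the kernsec.org link from the commit message, would explain why it sits next to settings the fragment already makes by hand. Since the commit message says only "pretty sure" about that overlap, compare the generated .config before and after this change and record in the message whether anything actually changed.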