From c5de1eea42ce1cb69b7758075cb1c02d17efd812 Mon Sep 17 00:00:00 2001 From: Wolfgang Müller Date: Fri, 13 Aug 2021 12:02:26 +0200 Subject: fragments: Update to latest KSP recommendations The Gentoo KSP recommendations have changed slightly again, now requiring three different settings instead of just one. Additionally, in order to enable KSP at all, CONFIG_MODIFY_LDT_SYSCALL needs to be unset.
---
 fragments/base/security | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/fragments/base/security b/fragments/base/security
index af71cb1..2298445 100644
--- a/fragments/base/security
+++ b/fragments/base/security
@@ -17,4 +17,9 @@ CONFIG_IO_STRICT_DEVMEM=y
 # Unsure about musl support/static binaries?
 CONFIG_LEGACY_VSYSCALL_NONE=y
+# Needed for SELF_PROTECTION
+# CONFIG_MODIFY_LDT_SYSCALL is not set
+
+CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y
+CONFIG_GENTOO_KERNEL_SELF_PROTECTION_COMMON=y
 CONFIG_GENTOO_KERNEL_SELF_PROTECTION_X86_64=y
-- cgit v1.2.3-2-gb3c3
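Review bot: Nothing in the fragment records that the three `CONFIG_GENTOO_KERNEL_SELF_PROTECTION*` lines only take effect while their Kconfig prerequisites hold, so a later fragment or local override that turns `CONFIG_MODIFY_LDT_SYSCALL` back on would, as far as Kconfig semantics go, drop the hardening silently rather than fail the build. The added comment `# Needed for SELF_PROTECTION` could say so and name the cost, e.g. `# KSP requires this unset; also removes modify_ldt(2), which 16-bit/segmented code (DOSEMU, some Wine programs) relies on`. It would also be worth checking the generated .config for all three symbols after the fragments are merged, since these symbols presumably exist only in Gentoo-patched kernel sources and are ignored elsewhere.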