CONFIG_SECURITY=y

CONFIG_GCC_PLUGINS=y
CONFIG_GCC_PLUGIN_STRUCTLEAK=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y

# CONFIG_COMPAT_BRK is not set
# CONFIG_SLAB_MERGE_DEFAULT is not set
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y

CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y

CONFIG_IO_STRICT_DEVMEM=y

# Unsure about musl support/static binaries?
CONFIG_LEGACY_VSYSCALL_NONE=y

# Needed for SELF_PROTECTION
# CONFIG_MODIFY_LDT_SYSCALL is not set
CONFIG_IOMMU_DEFAULT_DMA_STRICT=y

CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y
CONFIG_GENTOO_KERNEL_SELF_PROTECTION_COMMON=y
CONFIG_GENTOO_KERNEL_SELF_PROTECTION_X86_64=y