[linux-yocto] [PATCH 0/1] Harden kernel configuration
Bruce Ashfield
bruce.ashfield at windriver.com
Tue Aug 14 09:53:06 PDT 2018
On 08/13/2018 11:31 PM, Anuj Mittal wrote:
> This change adds a feature to enable some of the kernel configs that
> improve kernel self-protection/security. More details are available at
> the kernel self-protection project page [1].
>
> This is not being enabled by default and can be included using
> KERNEL_FEATURES if required by a BSP.
Sometimes a bit more granularity in features is nice (i.e. if you
are really watching the kernel size), so when I first read the
new fragment .. that thought came to mind.
But I see more value in having them as a single toggle for some
best practices security options.
This is now merged, and the SRCREV updates will follow soon.
Bruce
>
> Can this be merged in master/4.14/4.15 please?
>
> [1] https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
>
> Anuj Mittal (1):
> features/security: add configs to harden protection
>
> features/security/security.cfg | 48 ++++++++++++++++++++++++++++++++++
> features/security/security.scc | 4 +++
> 2 files changed, 52 insertions(+)
> create mode 100644 features/security/security.cfg
> create mode 100644 features/security/security.scc
>
More information about the linux-yocto
mailing list