[OS-BUILD PATCH] redhat: switch the vsyscall config to CONFIG_LEGACY_VSYSCALL_XONLY=y

[Herton R. Krzesinski (via Email Bridge)]

From: Herton R. Krzesinski <her...@redhat.com>

redhat: switch the vsyscall config to CONFIG_LEGACY_VSYSCALL_XONLY=y

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1876977

As discussed upstream eg. at 
https://lore.kernel.org/linux-api/87h7bzjaer....@oldenburg.str.redhat.com/T/
and pointed on the bug's description above, VSYSCALL_XONLY is more
secure while still maintaining useful backward compatibility.

We also plan to do this change on the RHEL side with a centos-stream-9
change, so the change here covers both Fedora and RHEL/CentOS.

Signed-off-by: Herton R. Krzesinski <her...@redhat.com>

diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE 
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
index blahblah..blahblah 100644
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
+++ b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
@@ -1 +1 @@
-CONFIG_LEGACY_VSYSCALL_EMULATE=y
+# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY 
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
index blahblah..blahblah 100644
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
+++ b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
@@ -1 +1 @@
-# CONFIG_LEGACY_VSYSCALL_XONLY is not set
+CONFIG_LEGACY_VSYSCALL_XONLY=y

--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1531
_______________________________________________
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure