On 08/13/2018 11:31 PM, Anuj Mittal wrote:
This change adds a feature to enable some of the kernel configs that
improve kernel self-protection/security. More details are available at
the kernel self-protection project page [1].
This is not being enabled by default and can be included using
KERNEL_FEATURES if required by a BSP.
Sometimes a bit more granularity in features is nice (i.e. if you
are really watching the kernel size), so when I first read the
new fragment .. that thought came to mind.
But I see more value in having them as a single toggle for some
best practices security options.
This is now merged, and the SRCREV updates will follow soon.
Bruce
Can this be merged in master/4.14/4.15 please?
[1]
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
Anuj Mittal (1):
features/security: add configs to harden protection
features/security/security.cfg | 48 ++++++++++++++++++++++++++++++++++
features/security/security.scc | 4 +++
2 files changed, 52 insertions(+)
create mode 100644 features/security/security.cfg
create mode 100644 features/security/security.scc
--
_______________________________________________
linux-yocto mailing list
linux-yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/linux-yocto
