From: Herton R. Krzesinski
redhat: switch the vsyscall config to CONFIG_LEGACY_VSYSCALL_XONLY=y
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1876977
As discussed upstream eg. at
https://lore.kernel.org/linux-api/87h7bzjaer@oldenburg.str.redhat.com/T/
and pointed on the bug's description above, VSYSCALL_XONLY is more
secure while still maintaining useful backward compatibility.
We also plan to do this change on the RHEL side with a centos-stream-9
change, so the change here covers both Fedora and RHEL/CentOS.
Signed-off-by: Herton R. Krzesinski
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
index blahblah..blahblah 100644
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
+++ b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
@@ -1 +1 @@
-CONFIG_LEGACY_VSYSCALL_EMULATE=y
+# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
index blahblah..blahblah 100644
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
+++ b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
@@ -1 +1 @@
-# CONFIG_LEGACY_VSYSCALL_XONLY is not set
+CONFIG_LEGACY_VSYSCALL_XONLY=y
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1531
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure