@@ -161,20 +161,20 if [ "$BUILD_KERNEL" = true ] ; then | |||||
161 | set_kernel_config CONFIG_AUDIT y |
|
161 | set_kernel_config CONFIG_AUDIT y | |
162 |
|
162 | |||
163 | # harden strcpy and memcpy |
|
163 | # harden strcpy and memcpy | |
164 |
set_kernel_config CONFIG_HARDENED_USERCOPY |
|
164 | set_kernel_config CONFIG_HARDENED_USERCOPY y | |
165 |
set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR |
|
165 | set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y | |
166 |
set_kernel_config CONFIG_FORTIFY_SOURCE |
|
166 | set_kernel_config CONFIG_FORTIFY_SOURCE y | |
167 |
|
167 | |||
168 | # integrity sub-system |
|
168 | # integrity sub-system | |
169 |
set_kernel_config CONFIG_INTEGRITY |
|
169 | set_kernel_config CONFIG_INTEGRITY y | |
170 |
set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS |
|
170 | set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y | |
171 |
set_kernel_config CONFIG_INTEGRITY_AUDIT |
|
171 | set_kernel_config CONFIG_INTEGRITY_AUDIT y | |
172 |
set_kernel_config CONFIG_INTEGRITY_SIGNATURE |
|
172 | set_kernel_config CONFIG_INTEGRITY_SIGNATURE y | |
173 |
set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING |
|
173 | set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y | |
174 |
|
174 | |||
175 | # This option provides support for retaining authentication tokens and access keys in the kernel. |
|
175 | # This option provides support for retaining authentication tokens and access keys in the kernel. | |
176 |
set_kernel_config CONFIG_KEYS |
|
176 | set_kernel_config CONFIG_KEYS y | |
177 |
set_kernel_config CONFIG_KEYS_COMPAT |
|
177 | set_kernel_config CONFIG_KEYS_COMPAT y | |
178 |
|
178 | |||
179 | # Apparmor |
|
179 | # Apparmor | |
180 | set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0 |
|
180 | set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0 | |
@@ -185,13 +185,13 if [ "$BUILD_KERNEL" = true ] ; then | |||||
185 | set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor" |
|
185 | set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor" | |
186 |
|
186 | |||
187 | # restrictions on unprivileged users reading the kernel |
|
187 | # restrictions on unprivileged users reading the kernel | |
188 |
set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT |
|
188 | set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y | |
189 |
|
189 | |||
190 | # network security hooks |
|
190 | # network security hooks | |
191 | set_kernel_config CONFIG_SECURITY_NETWORK y |
|
191 | set_kernel_config CONFIG_SECURITY_NETWORK y | |
192 |
set_kernel_config CONFIG_SECURITY_NETWORK_XFRM |
|
192 | set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y | |
193 |
set_kernel_config CONFIG_SECURITY_PATH |
|
193 | set_kernel_config CONFIG_SECURITY_PATH y | |
194 |
set_kernel_config CONFIG_SECURITY_YAMA |
|
194 | set_kernel_config CONFIG_SECURITY_YAMA n | |
195 |
|
195 | |||
196 | # New Options |
|
196 | # New Options | |
197 | if [ "$KERNEL_NF" = true ] ; then |
|
197 | if [ "$KERNEL_NF" = true ] ; then |
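Review bot: In the second hunk, the line that appears on the new side as `set_kernel_config CONFIG_SECURITY_YAMA n` switches Yama off, while every other option this change touches in the hardening block is set to `y`. Yama is the LSM behind `kernel.yama.ptrace_scope`, so a kernel built this way cannot restrict ptrace attachment between unrelated processes of the same user. If the `n` is deliberate, record the reason in a comment above the line, for example `# Yama left disabled: <reason>`; otherwise make it `set_kernel_config CONFIG_SECURITY_YAMA y` to match its neighbours. The enclosing `if [ "$BUILD_KERNEL" = true ]` block starts and ends outside the visible hunks, so a later override of this option cannot be ruled out from here.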