| @@ -161,20 +161,20 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
|
161 | 161 | set_kernel_config CONFIG_AUDIT y |
|
|
162 | 162 | |
|
|
163 | 163 | # harden strcpy and memcpy |
|
|
164 |
set_kernel_config CONFIG_HARDENED_USERCOPY |
|
|
|
165 |
set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR |
|
|
|
166 |
set_kernel_config CONFIG_FORTIFY_SOURCE |
|
|
|
164 | set_kernel_config CONFIG_HARDENED_USERCOPY y | |
|
|
165 | set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y | |
|
|
166 | set_kernel_config CONFIG_FORTIFY_SOURCE y | |
|
|
167 | 167 | |
|
|
168 | 168 | # integrity sub-system |
|
|
169 |
set_kernel_config CONFIG_INTEGRITY |
|
|
|
170 |
set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS |
|
|
|
171 |
set_kernel_config CONFIG_INTEGRITY_AUDIT |
|
|
|
172 |
set_kernel_config CONFIG_INTEGRITY_SIGNATURE |
|
|
|
173 |
set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING |
|
|
|
169 | set_kernel_config CONFIG_INTEGRITY y | |
|
|
170 | set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y | |
|
|
171 | set_kernel_config CONFIG_INTEGRITY_AUDIT y | |
|
|
172 | set_kernel_config CONFIG_INTEGRITY_SIGNATURE y | |
|
|
173 | set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y | |
|
|
174 | 174 | |
|
|
175 | 175 | # This option provides support for retaining authentication tokens and access keys in the kernel. |
|
|
176 |
set_kernel_config CONFIG_KEYS |
|
|
|
177 |
set_kernel_config CONFIG_KEYS_COMPAT |
|
|
|
176 | set_kernel_config CONFIG_KEYS y | |
|
|
177 | set_kernel_config CONFIG_KEYS_COMPAT y | |
|
|
178 | 178 | |
|
|
179 | 179 | # Apparmor |
|
|
180 | 180 | set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0 |
| @@ -185,13 +185,13 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
|
185 | 185 | set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor" |
|
|
186 | 186 | |
|
|
187 | 187 | # restrictions on unprivileged users reading the kernel |
|
|
188 |
set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT |
|
|
|
188 | set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y | |
|
|
189 | 189 | |
|
|
190 | 190 | # network security hooks |
|
|
191 | 191 | set_kernel_config CONFIG_SECURITY_NETWORK y |
|
|
192 |
set_kernel_config CONFIG_SECURITY_NETWORK_XFRM |
|
|
|
193 |
set_kernel_config CONFIG_SECURITY_PATH |
|
|
|
194 |
set_kernel_config CONFIG_SECURITY_YAMA |
|
|
|
192 | set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y | |
|
|
193 | set_kernel_config CONFIG_SECURITY_PATH y | |
|
|
194 | set_kernel_config CONFIG_SECURITY_YAMA n | |
|
|
195 | 195 | |
|
|
196 | 196 | # New Options |
|
|
197 | 197 | if [ "$KERNEL_NF" = true ] ; then |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant
