Skip to content

K
kernel-hardening-checker
Commit 9d342aac by Alexander Popov
Options

Add the comment about kernel.randomize_va_space 

Thanks to @izh1979 for the idea.
parent dfad55c4
Showing with 1 additions and 2 deletions
kconfig_hardened_check/__init__.py
...@@ -58,11 +58,9 @@ ...@@ -58,11 +58,9 @@
# what about bpf_jit_enable? # what about bpf_jit_enable?
# kernel.unprivileged_bpf_disabled=1 # kernel.unprivileged_bpf_disabled=1
# net.core.bpf_jit_harden=2 # net.core.bpf_jit_harden=2
#
# vm.unprivileged_userfaultfd=0 # vm.unprivileged_userfaultfd=0
# (at first, it disabled unprivileged userfaultfd, # (at first, it disabled unprivileged userfaultfd,
# and since v5.11 it enables unprivileged userfaultfd for user-mode only) # and since v5.11 it enables unprivileged userfaultfd for user-mode only)
#
# dev.tty.ldisc_autoload=0 # dev.tty.ldisc_autoload=0
# fs.protected_symlinks=1 # fs.protected_symlinks=1
# fs.protected_hardlinks=1 # fs.protected_hardlinks=1
...@@ -70,6 +68,7 @@ ...@@ -70,6 +68,7 @@
# fs.protected_regular=2 # fs.protected_regular=2
# fs.suid_dumpable=0 # fs.suid_dumpable=0
# kernel.modules_disabled=1 # kernel.modules_disabled=1
# kernel.randomize_va_space = 2
# pylint: disable=missing-module-docstring,missing-class-docstring,missing-function-docstring # pylint: disable=missing-module-docstring,missing-class-docstring,missing-function-docstring
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment