linux.git - Linus' kernel tree

diff options

author	Joel Stanley <joel@jms.id.au>	2020-01-21 15:29:57 +1100
committer	Michael Ellerman <mpe@ellerman.id.au>	2020-01-31 21:20:17 +1100
commit	579baeece66ef9360da7d815fd328faf271a3008 (patch)
tree	f5c63e3cb0d3784e15ec2dd5525fef65fa1be06b /tools/perf/scripts/python/export-to-postgresql.py
parent	cdc7b23f1e90983cb5fb0c9a0a5e6e08b5d71563 (diff)

powerpc/configs/skiroot: Enable security features

This turns on HARDENED_USERCOPY with HARDENED_USERCOPY_PAGESPAN, and FORTIFY_SOURCE. It also enables SECURITY_LOCKDOWN_LSM with _EARLY and LOCK_DOWN_KERNEL_FORCE_INTEGRITY options enabled. This still allows xmon to be used in read-only mode. MODULE_SIG is selected by lockdown, so it is still enabled. Because we're setting LOCK_DOWN_KERNELFORCE_INTEGRITY=y we also need to enable KEXEC_FILE=y so that kexec continues to work. Signed-off-by: Joel Stanley <joel@jms.id.au> [mpe: Switch to lockdown integrity mode per oohal, enable KEXEC_FILE as reported by jms] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20200121043000.16212-7-mpe@ellerman.id.au

Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: