File: security.config

package info (click to toggle)
linux 6.1.133-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 1,496,136 kB
  • sloc: ansic: 23,466,380; asm: 266,559; sh: 110,511; makefile: 49,889; python: 36,990; perl: 36,827; cpp: 6,056; yacc: 4,908; lex: 2,725; awk: 1,440; ruby: 25; sed: 5
file content (15 lines) | stat: -rw-r--r-- 468 bytes parent folder | download | duplicates (8) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
# This is the equivalent of booting with lockdown=integrity
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y

# These are some general, reasonably inexpensive hardening options
CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y

# UBSAN bounds checking is very cheap and good for hardening
CONFIG_UBSAN=y
# CONFIG_UBSAN_MISC is not set