| 123456789101112131415 |
- # This is the equivalent of booting with lockdown=integrity
- CONFIG_SECURITY=y
- CONFIG_SECURITYFS=y
- CONFIG_SECURITY_LOCKDOWN_LSM=y
- CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
- CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
- # These are some general, reasonably inexpensive hardening options
- CONFIG_HARDENED_USERCOPY=y
- CONFIG_FORTIFY_SOURCE=y
- CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
- # UBSAN bounds checking is very cheap and good for hardening
- CONFIG_UBSAN=y
- # CONFIG_UBSAN_MISC is not set
|
