diff options
| author | Joel Stanley <[email protected]> | 2020-01-21 15:29:57 +1100 |
|---|---|---|
| committer | Michael Ellerman <[email protected]> | 2020-01-31 21:20:17 +1100 |
| commit | 579baeece66ef9360da7d815fd328faf271a3008 (patch) | |
| tree | f5c63e3cb0d3784e15ec2dd5525fef65fa1be06b /tools/perf/scripts/python/export-to-postgresql.py | |
| parent | cdc7b23f1e90983cb5fb0c9a0a5e6e08b5d71563 (diff) | |
powerpc/configs/skiroot: Enable security features
This turns on HARDENED_USERCOPY with HARDENED_USERCOPY_PAGESPAN, and
FORTIFY_SOURCE.
It also enables SECURITY_LOCKDOWN_LSM with _EARLY and
LOCK_DOWN_KERNEL_FORCE_INTEGRITY options enabled. This still allows
xmon to be used in read-only mode.
MODULE_SIG is selected by lockdown, so it is still enabled.
Because we're setting LOCK_DOWN_KERNELFORCE_INTEGRITY=y we also need
to enable KEXEC_FILE=y so that kexec continues to work.
Signed-off-by: Joel Stanley <[email protected]>
[mpe: Switch to lockdown integrity mode per oohal, enable KEXEC_FILE
as reported by jms]
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')
0 files changed, 0 insertions, 0 deletions