about summary refs log tree commit diff
path: root/pkgs/os-specific/linux/kernel/hardened-config.nix
AgeCommit message (Collapse)AuthorFilesLines
2017-05-18linux_hardened: enable checks on scatter-gather tablesJoachim Fasting1-0/+1
Recommended by kspp
2017-05-09linux_hardened: enable structleak pluginJoachim Fasting1-0/+4
A port of the PaX structleak plugin. Note that this version of structleak seems to cover less ground than the PaX original (only marked structs are zeroed). [1] [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61f13eaa1ee17728c41370100d2d45c254ce76f
2017-05-09linux_hardened: BUG on struct validation failureJoachim Fasting1-0/+4
2017-05-09linux_hardened: move to 4.11Joachim Fasting1-6/+3
Note that DEBUG_RODATA has been split into STRICT_KERNEL_RWX & STRICT_MODULE_RWX, which are on by default (non-optional).
2017-05-09linux_hardened: compile with stackprotector-strongJoachim Fasting1-0/+3
Default is regular, which we need to unset for kconfig to accept the new value.
2017-04-30linux_hardened: initJoachim Fasting1-0/+54
The rationale for this is to have a place to enable hardening features that are either too invasive or that may be speculative/yet proven to be worthwhile for general-purpose kernels.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-25 10:47:59 +0000