diff -Naur linux-4.8.15-hardened-r1.orig/security/Kconfig linux-4.8.15-hardened-r1/security/Kconfig
--- linux-4.8.15-hardened-r1.orig/security/Kconfig	2017-01-01 12:10:19.638828792 -0500
+++ linux-4.8.15-hardened-r1/security/Kconfig	2017-01-01 12:14:05.434836657 -0500
@@ -293,7 +293,7 @@
 
 config PAX_PT_PAX_FLAGS
 	bool 'Use ELF program header marking'
-	default y if GRKERNSEC_CONFIG_AUTO
+	default n
 	help
 	  Enabling this option will allow you to control PaX features on
 	  a per executable basis via the 'paxctl' utility available at
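Review bot: `default n` on the PAX_PT_PAX_FLAGS entry is redundant, since a Kconfig bool with no default is already n, and it leaves no trace of why the GRKERNSEC_CONFIG_AUTO condition was dropped. I would either delete the line or keep it with a comment above it, e.g. `# Gentoo: PT_PAX_FLAGS marking is deprecated, see help text`. The deprecation note itself only appears at the end of the help text in the next hunk, so a reader of this entry's header sees the changed default without the reason.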
@@ -312,9 +312,12 @@
 	  If you enable none of the marking options then all applications
 	  will run with PaX enabled on them by default.
 
+	  Note for Gentoo: PT_PAX_FLAGS has been deprecated in Gentoo.  Enable
+	  this only for legacy systems.
+
 config PAX_XATTR_PAX_FLAGS
 	bool 'Use filesystem extended attributes marking'
-	default y if GRKERNSEC_CONFIG_AUTO
+	default y
 	select CIFS_XATTR if CIFS
 	select EXT2_FS_XATTR if EXT2_FS
 	select EXT3_FS_XATTR if EXT3_FS
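Review bot: The note added to the PAX_PT_PAX_FLAGS help says the option is deprecated but not what happens to markings already set with paxctl once it is off. Presumably ELF-header markings are then ignored and a binary that relied on an exemption runs with the default PaX restrictions, which fails safe but can break it; that should be confirmed and stated. Suggested wording: `Note for Gentoo: PT_PAX_FLAGS is deprecated in Gentoo; move existing markings to extended attributes before disabling this.` The XATTR note at the end of the following hunk has the same gap: with PT_PAX now defaulting to n, disabling XATTR marking leaves no marking option enabled, so "unless you know what you're doing" could instead name that consequence, which the context lines just above it already describe.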
@@ -343,6 +346,9 @@
 	  If you enable none of the marking options then all applications
 	  will run with PaX enabled on them by default.
 
+	  Note for Gentoo: XATTR_PAX_FLAGS is now the default in Gentoo.  Do
+	  not disable this unless you know what you're doing.
+
 choice
 	prompt 'MAC system integration'
 	default PAX_HAVE_ACL_FLAGS