Update of /cvsroot/devil-linux/build/scripts/config/linux-4.x
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv24847
Modified Files:
config_linux.686
Log Message:
sync grsec config between 686 and x86_64
Index: config_linux.686
===================================================================
RCS file: /cvsroot/devil-linux/build/scripts/config/linux-4.x/config_linux.686,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- config_linux.686 26 Dec 2015 20:38:36 -0000 1.13
+++ config_linux.686 2 Jan 2016 14:50:53 -0000 1.14
@@ -4971,6 +4971,7 @@
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_CONFIG_AUTO is not set
CONFIG_GRKERNSEC_CONFIG_CUSTOM=y
+CONFIG_GRKERNSEC_SYMLINKOWN_GID=103
#
# Customize Configuration
@@ -5040,7 +5041,7 @@
# CONFIG_GRKERNSEC_MODHARDEN is not set
CONFIG_GRKERNSEC_HIDESYM=y
# CONFIG_GRKERNSEC_RANDSTRUCT is not set
-CONFIG_GRKERNSEC_KERN_LOCKOUT=y
+# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
#
# Role Based Access Control Options
@@ -5057,8 +5058,8 @@
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
-# CONFIG_GRKERNSEC_SYMLINKOWN is not set
-CONFIG_GRKERNSEC_FIFO=y
+CONFIG_GRKERNSEC_SYMLINKOWN=y
+# CONFIG_GRKERNSEC_FIFO is not set
CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
# CONFIG_GRKERNSEC_ROFS is not set
# CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set
@@ -5083,16 +5084,16 @@
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
-CONFIG_GRKERNSEC_EXECLOG=y
+# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
-CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
+# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
CONFIG_GRKERNSEC_AUDIT_PTRACE=y
-CONFIG_GRKERNSEC_AUDIT_CHDIR=n
+# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
-CONFIG_GRKERNSEC_PROC_IPADDR=y
+# CONFIG_GRKERNSEC_PROC_IPADDR is not set
CONFIG_GRKERNSEC_RWXMAP_LOG=y
#
@@ -5100,7 +5101,7 @@
#
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_HARDEN_PTRACE=y
-# CONFIG_GRKERNSEC_PTRACE_READEXEC is not set
+CONFIG_GRKERNSEC_PTRACE_READEXEC=y
# CONFIG_GRKERNSEC_SETXID is not set
# CONFIG_GRKERNSEC_HARDEN_IPC is not set
# CONFIG_GRKERNSEC_TPE is not set
@@ -5122,13 +5123,13 @@
#
CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set
-# CONFIG_GRKERNSEC_SYSCTL_ON is not set
+CONFIG_GRKERNSEC_SYSCTL_ON=y
#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=10
-CONFIG_GRKERNSEC_FLOODBURST=10
+CONFIG_GRKERNSEC_FLOODBURST=6
CONFIG_KEYS=y
# CONFIG_PERSISTENT_KEYRINGS is not set
# CONFIG_BIG_KEYS is not set
|
