From: Phil Sutter <[email protected]> [redhat] Disable CONFIG_NETFILTER_XTABLES_COMPAT
This setting seems to have slipped through review process: Before this symbol was introduced, the relevant feature was always enabled. Since it is there now, we should use the opportunity to disable it and avoid any further security holes it may contain in addition to the already fixed ones. diff a/redhat/configs/common/generic/CONFIG_NETFILTER_XTABLES_COMPAT b/redhat/configs/common/generic/CONFIG_NETFILTER_XTABLES_COMPAT --- a/redhat/configs/common/generic/CONFIG_NETFILTER_XTABLES_COMPAT +++ b/redhat/configs/common/generic/CONFIG_NETFILTER_XTABLES_COMPAT @@ -1 +1 @@ -CONFIG_NETFILTER_XTABLES_COMPAT=y +# CONFIG_NETFILTER_XTABLES_COMPAT is not set -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1126 _______________________________________________ kernel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
