[OS-BUILD PATCH] [redhat] New configs in security/Kconfig.hardening

CKI ARK Bot (via Email Bridge) Tue, 25 Mar 2025 06:44:28 -0700

From: Fedora Kernel Team <kernel-t...@fedoraproject.org>

[redhat] New configs in security/Kconfig.hardening


Hi,

As part of the ongoing rebase effort, the following configuration
options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed
configuration options from the pending directory to the ark directory.
In the diff below, options are removed from the pending directory and
added to the ark hierarchy. The final options that need to be ACKed
are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply
with a better option.

 Symbol: HARDENED_USERCOPY_DEFAULT_ON [=y]
 Type  : bool
 Defined at security/Kconfig.hardening:306
   Prompt: Harden memory copies by default
   Depends on: HARDENED_USERCOPY [=y]
   Location:
     -> Security options
       -> Kernel hardening options
         -> Bounds checking
           -> Harden memory copies between kernel and userspace 
(HARDENED_USERCOPY [=y])
             -> Harden memory copies by default (HARDENED_USERCOPY_DEFAULT_ON 
[=y])

 Commit: d2132f453e33 (mm: security: Allow default HARDENED_USERCOPY to be set 
at compile time)

---

Signed-off-by: Fedora Kernel Team <kernel-t...@fedoraproject.org>

diff --git 
a/redhat/configs/pending-rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON 
b/redhat/configs/pending-rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/pending-rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
+++ /dev/null
@@ -1,16 +0,0 @@
-# Symbol: HARDENED_USERCOPY_DEFAULT_ON [=y]
-# Type  : bool
-# Defined at security/Kconfig.hardening:306
-#   Prompt: Harden memory copies by default
-#   Depends on: HARDENED_USERCOPY [=y]
-#   Location:
-#     -> Security options
-#       -> Kernel hardening options
-#         -> Bounds checking
-#           -> Harden memory copies between kernel and userspace 
(HARDENED_USERCOPY [=y])
-#             -> Harden memory copies by default (HARDENED_USERCOPY_DEFAULT_ON 
[=y])
-# 
-# 
-# 
-# Commit: d2132f453e33 (mm: security: Allow default HARDENED_USERCOPY to be 
set at compile time)
-CONFIG_HARDENED_USERCOPY_DEFAULT_ON=y
diff --git a/redhat/configs/rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON 
b/redhat/configs/rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/configs/rhel/generic/CONFIG_HARDENED_USERCOPY_DEFAULT_ON
@@ -0,0 +1 @@
+CONFIG_HARDENED_USERCOPY_DEFAULT_ON=y

--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3751

-- 
_______________________________________________
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[OS-BUILD PATCH] [redhat] New configs in security/Kconfig.hardening

Reply via email to