Add cmdline checks to '--print'

author Alexander Popov <alex.popov@linux.com>

Sun, 27 Mar 2022 20:03:02 +0000 (23:03 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sat, 28 May 2022 16:12:28 +0000 (19:12 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 27 Mar 2022 20:03:02 +0000 (23:03 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sat, 28 May 2022 16:12:28 +0000 (19:12 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 17bf7bebca5f7b852773435f8499009ff4a542b2..7324a9eebaece13b9a0f2800651281f30e4f7251 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -656,6 +656,14 @@ def add_kconfig_checks(l, arch):
  #   l += [KconfigCheck('feature_test', 'my', 'LKDTM', 'm')] # only for debugging!
  
  
+def add_cmdline_checks(l, arch):
+    # Calling the CmdlineCheck class constructor:
+    #     CmdlineCheck(reason, decision, name, expected)
+
+    l += [CmdlineCheck('self_protection', 'kspp', 'randomize_kstack_offset', 'on')]
+    # TODO: add other
+
+
  def print_unknown_options(checklist, parsed_options):
      known_options = []
  
@@ -861,6 +869,7 @@ def main():
              sys.exit('[!] ERROR: wrong mode "{}" for --print'.format(mode))
          arch = args.print
          add_kconfig_checks(config_checklist, arch)
+        add_cmdline_checks(config_checklist, arch)
          if mode != 'json':
              print('[+] Printing kernel security hardening preferences for {}...'.format(arch))
          print_checklist(mode, config_checklist, False)
author	Alexander Popov <alex.popov@linux.com>
	Sun, 27 Mar 2022 20:03:02 +0000 (23:03 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sat, 28 May 2022 16:12:28 +0000 (19:12 +0300)