Check SECURITY_SELINUX_BOOTPARAM (recommended by Clip OS)

author Alexander Popov <alex.popov@linux.com>

Sun, 9 Oct 2022 18:25:33 +0000 (21:25 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 9 Oct 2022 18:25:33 +0000 (21:25 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 9 Oct 2022 18:25:33 +0000 (21:25 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 9 Oct 2022 18:25:33 +0000 (21:25 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 7cc81d6b95e6367a551c3412e3a456898df15e38..9dcc9d82f7340cdd79af7ec60bd9acf040338754 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -534,6 +534,7 @@ def add_kconfig_checks(l, arch):
      l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_YAMA', 'y')]
      l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_LANDLOCK', 'y')]
      l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_SELINUX_DISABLE', 'is not set')]
+    l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_SELINUX_BOOTPARAM', 'is not set')]
      l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_LOCKDOWN_LSM', 'y')]
      l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_LOCKDOWN_LSM_EARLY', 'y')]
      l += [KconfigCheck('security_policy', 'clipos', 'LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY', 'y')]
author	Alexander Popov <alex.popov@linux.com>
	Sun, 9 Oct 2022 18:25:33 +0000 (21:25 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 9 Oct 2022 18:25:33 +0000 (21:25 +0300)