Enable BPF JIT hardening by default
as per GrapheneOS, e.g.
65f68fd04f
Signed-off-by: Tavi <tavi@divested.dev>
parent
28d2113957
commit
319f57d098
@ -42,6 +42,10 @@ else
|
||||
sed -i 's/static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);/static bool slab_nomerge __ro_after_init = true;/' kernel/*/*/mm/slab_common.c &>/dev/null || true; #4.13+
|
||||
fi;
|
||||
|
||||
#Enable BPF JIT hardening
|
||||
sed -i 's/int bpf_jit_harden __read_mostly;/int bpf_jit_harden __read_mostly = 2;/' kernel/*/*/kernel/bpf/core.c &>/dev/null || true;
|
||||
sed -i 's/int bpf_jit_harden __read_mostly;/int bpf_jit_harden __read_mostly = 2;/' kernel/*/*/kernel/bpf/core.c &>/dev/null || true;
|
||||
|
||||
#Enable page poisoning
|
||||
#Commented as set by defconfig
|
||||
#sed -i 's/= IS_ENABLED(CONFIG_PAGE_POISONING_ENABLE_DEFAULT);/= true;/' kernel/*/*/mm/page_poison.c &>/dev/null || true; #4.4+ #XXX: shouldn't be enabled past 5.3
|
||||
|
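Review bot: The two added `sed` lines for `bpf_jit_harden` read as identical on this page (any difference may be whitespace the rendering collapsed), and both match the declaration by exact spacing; since `sed` exits 0 when nothing matches and `&>/dev/null || true` also hides missing files, a kernel tree whose `kernel/bpf/core.c` spells the declaration differently is left with hardening off and no signal in the build log. A whitespace-tolerant pattern would cover the spacing variants in one line: `sed -i -E 's/(int bpf_jit_harden[[:space:]]+__read_mostly);/\1 = 2;/' kernel/*/*/kernel/bpf/core.c &>/dev/null || true;`. I would follow it with a check such as `grep -L 'bpf_jit_harden.*= 2;' kernel/*/*/kernel/bpf/core.c` and print a warning for the trees it lists. The `#Enable BPF JIT hardening` comment could also say that this sets only the boot default of `net.core.bpf_jit_harden` (2 = constant blinding for all users), which a privileged process can still lower at runtime.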