enable randomize_kstack_offset

This commit is contained in:
Raja Grewal 2022-07-13 04:34:35 +10:00
parent f572332108
commit 74858d257b
No known key found for this signature in database
GPG Key ID: E34A5801947020A5

View File

@ -29,6 +29,10 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none"
## Enables page allocator freelist randomization.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_alloc.shuffle=1"
## Enables randomisation of the kernel stack offset on syscall entries (introduced in kernel 5.13).
## https://lkml.org/lkml/2019/3/18/246
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX randomize_kstack_offset=on"
## Enables kernel lockdown.
##
## Disabled for now as it enforces module signature verification which breaks