mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-25 16:59:27 -05:00
enable randomize_kstack_offset
This commit is contained in:
parent
f572332108
commit
74858d257b
@ -29,6 +29,10 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none"
|
||||
## Enables page allocator freelist randomization.
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_alloc.shuffle=1"
|
||||
|
||||
## Enables randomisation of the kernel stack offset on syscall entries (introduced in kernel 5.13).
|
||||
## https://lkml.org/lkml/2019/3/18/246
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX randomize_kstack_offset=on"
|
||||
|
||||
## Enables kernel lockdown.
|
||||
##
|
||||
## Disabled for now as it enforces module signature verification which breaks
|
||||
|
Loading…
Reference in New Issue
Block a user