From: Phil Sutter <psutter@xxxxxxxxxx> [redhat] Disable CONFIG_NETFILTER_XTABLES_COMPAT This setting seems to have slipped through review process: Before this symbol was introduced, the relevant feature was always enabled. Since it is there now, we should use the opportunity to disable it and avoid any further security holes it may contain in addition to the already fixed ones. diff a/redhat/configs/common/generic/CONFIG_NETFILTER_XTABLES_COMPAT b/redhat/configs/common/generic/CONFIG_NETFILTER_XTABLES_COMPAT --- a/redhat/configs/common/generic/CONFIG_NETFILTER_XTABLES_COMPAT +++ b/redhat/configs/common/generic/CONFIG_NETFILTER_XTABLES_COMPAT @@ -1 +1 @@ -CONFIG_NETFILTER_XTABLES_COMPAT=y +# CONFIG_NETFILTER_XTABLES_COMPAT is not set -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1126 _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
