From: Herton R. Krzesinski <herton@xxxxxxxxxx> redhat: switch the vsyscall config to CONFIG_LEGACY_VSYSCALL_XONLY=y Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1876977 As discussed upstream eg. at https://lore.kernel.org/linux-api/87h7bzjaer.fsf@xxxxxxxxxxxxxxxxxxxxxxxx/T/ and pointed on the bug's description above, VSYSCALL_XONLY is more secure while still maintaining useful backward compatibility. We also plan to do this change on the RHEL side with a centos-stream-9 change, so the change here covers both Fedora and RHEL/CentOS. Signed-off-by: Herton R. Krzesinski <herton@xxxxxxxxxx> diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE index blahblah..blahblah 100644 --- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE +++ b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE @@ -1 +1 @@ -CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_EMULATE is not set diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY index blahblah..blahblah 100644 --- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY +++ b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY @@ -1 +1 @@ -# CONFIG_LEGACY_VSYSCALL_XONLY is not set +CONFIG_LEGACY_VSYSCALL_XONLY=y -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1531 _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
