FORTIFY_SOURCE is a hardening option both at build and runtime. Move
it under 'Kernel hardening options'.
Signed-off-by: Mel Gorman <mgor...@techsingularity.net>
Acked-by: Paul Moore <p...@paul-moore.com>
---
security/Kconfig | 9 ---------
security/Kconfig.hardening | 9 +++++++++
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/security/Kconfig b/security/Kconfig
index fe7346dc4bc3..bca84f839fbe 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -159,15 +159,6 @@ config LSM_MMAP_MIN_ADDR
this low address space will need the permission specific to the
systems running LSM.
-config FORTIFY_SOURCE
- bool "Harden common str/mem functions against buffer overflows"
- depends on ARCH_HAS_FORTIFY_SOURCE
- # https://github.com/llvm/llvm-project/issues/53645
- depends on !CC_IS_CLANG || !X86_32
- help
- Detect overflows of buffers in common string and memory functions
- where the compiler can determine and validate the buffer sizes.
-
config STATIC_USERMODEHELPER
bool "Force all usermode helper calls through a single binary"
help
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index 3a941cc45396..1ce9009c3cc6 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -281,6 +281,15 @@ endmenu
menu "Bounds checking"
+config FORTIFY_SOURCE
+ bool "Harden common str/mem functions against buffer overflows"
+ depends on ARCH_HAS_FORTIFY_SOURCE
+ # https://github.com/llvm/llvm-project/issues/53645
+ depends on !CC_IS_CLANG || !X86_32
+ help
+ Detect overflows of buffers in common string and memory functions
+ where the compiler can determine and validate the buffer sizes.
+
config HARDENED_USERCOPY
bool "Harden memory copies between kernel and userspace"
imply STRICT_DEVMEM
--
2.43.0
