On Sat, Oct 31, 2020 at 11:49:11 +0100, Steffen Klassert wrote:
> On Fri, Oct 16, 2020 at 03:36:12PM +0200, Antony Antony wrote:
> > redact XFRM SA secret in the netlink response to xfrm_get_sa()
> > or dumpall sa.
> > Enable this at build time and set kernel lockdown to confidentiality.
>
> Wouldn't it be better to enable it at boot or runtime? This defaults
> to 'No' at build time, so distributions will not compile it in. That
> means that no one who uses a kernel that comes with a Linux distribution
> can use that.

It is a good idea. I will send a new version soon.

thanks,
-antony