Skip to content
/ linux-hardened Public
forked from GrapheneOS/linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening

License

View license
502 stars 99 forks Activity
Star
Notifications

anthraxx/linux-hardened

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
8 branches 1,794 tags
Code
This branch is 288725 commits ahead, 4404 commits behind GrapheneOS:4.14-lts.
#26

Latest commit

@anthraxx
anthraxx ovl: add config to disable unprivileged user namespace mounts
95574b9 Mar 16, 2021
ovl: add config to disable unprivileged user namespace mounts 
When disabled, unprivileged users will not be able to create
new overlayfs mounts. This cuts the attack surface if no
unprivileged user namespace mounts are required like for
running rootless containers.

Signed-off-by: Levente Polyak <levente@leventepolyak.net>
95574b9

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Documentation
net: tcp: add option to disable TCP simultaneous connect
March 17, 2021 00:37
LICENSES
LICENSES: Add the CC-BY-4.0 license
December 8, 2020 10:33
arch
x86_64: bound mmap between legacy/modern bases
March 17, 2021 00:37
block
remove unused softirq_action callback parameter
March 17, 2021 00:37
certs
certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
January 21, 2021 16:16
crypto
crypto: mips/poly1305 - enable for all MIPS processors
March 8, 2021 11:52
drivers
security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
March 17, 2021 00:37
fs
ovl: add config to disable unprivileged user namespace mounts
March 17, 2021 00:37
include
dccp: ccid: move timers to struct dccp_sock
March 17, 2021 00:37
init
add CONFIG for unprivileged_userns_clone
March 17, 2021 00:37
ipc
fs: make helpers idmap mount aware
January 24, 2021 14:27
kernel
enable BPF JIT hardening by default (if available)
March 17, 2021 00:37
lib
modpost: Add CONFIG_DEBUG_WRITABLE_FUNCTION_POINTERS_VERBOSE
March 17, 2021 00:37
mm
slub: Extend init_on_alloc to slab caches with constructors
March 17, 2021 00:37
net
Revert "dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()"
March 17, 2021 00:37
samples
Merge git://git.kernel.org:/pub/scm/linux/kernel/git/netdev/net
March 9, 2021 17:15
scripts
modpost: Add CONFIG_DEBUG_WRITABLE_FUNCTION_POINTERS_VERBOSE
March 17, 2021 00:37
security
enable SECURITY_TIOCSTI_RESTRICT by default
March 17, 2021 00:37
sound
ALSA: hda/hdmi: Cancel pending works before suspend
March 10, 2021 12:52
tools
security,perf: Allow further restriction of perf_event_open
March 17, 2021 00:37
usr
Merge tag 'kbuild-v5.12' of git://git.kernel.org/pub/scm/linux/kernel…
February 25, 2021 10:17
virt
KVM: x86/mmu: Consider the hva in mmu_notifier retry
February 22, 2021 13:16
.clang-format
Merge tag 'cxl-for-5.12' of git://git.kernel.org/pub/scm/linux/kernel…
February 24, 2021 09:38
.cocciconfig
scripts: add Linux .cocciconfig for coccinelle
July 22, 2016 12:13
.get_maintainer.ignore
Opt out of scripts/get_maintainer.pl
May 16, 2019 10:53
.gitattributes
.gitattributes: use 'dts' diff driver for dts files
December 4, 2019 19:44
.gitignore
Merge tag 'clang-lto-v5.12-rc1' of git://git.kernel.org/pub/scm/linux…
February 23, 2021 09:28
.mailmap
treewide: Miguel has moved
February 26, 2021 09:41
COPYING
COPYING: state that all contributions really are covered by this file
February 10, 2020 13:32
CREDITS
treewide: Miguel has moved
February 26, 2021 09:41
Kbuild
kbuild: rename hostprogs-y/always to hostprogs/always-y
February 4, 2020 01:53
Kconfig
kbuild: ensure full rebuild when the compiler is updated
May 12, 2020 13:28
MAINTAINERS
Merge branch 'akpm' (patches from Andrew)
March 14, 2021 12:23
Makefile
Linux 5.12-rc3
March 14, 2021 14:41
README
Drop all 00-INDEX files from Documentation/
September 9, 2018 15:08

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.

About

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening

Resources

Readme

License

View license
Activity

Stars

502 stars

Watchers

26 watching

Forks

99 forks
Report repository

Releases 1,794

6.5.13-hardened1 Latest
Nov 29, 2023
+ 1,793 releases

Languages

  • C 97.5%
  • Assembly 1.0%
  • C++ 0.7%
  • Shell 0.3%
  • Makefile 0.2%
  • Perl 0.1%
  • Other 0.2%