Kernel: Block non-UID-0 profiling completely
index bd9e0cc6506f80223ef274ea2a3ef2794e5d6eef..018892f7f2b056f6b08de97c9cce734491e9fe6d 100644 (file)
--- a/lfs/linux
+++ b/lfs/linux
@@ -137,6 +137,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        # fix Boot with enabled usercopy hardening
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.9-crypto_testmgr_allocate_buffers_with____GFP_COMP.patch
 
+       # Patch performance monitoring restrictions to allow further hardening
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch
+
 ifeq "$(BUILD_ARCH)" "armv6l"
        # Apply Arm-multiarch kernel patches.
        cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1
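Review bot: The comment on the added patch step says it only "allows further hardening", so this hunk by itself does not block unprivileged profiling as the commit title promises. The restriction presumably takes effect only through a kernel config option or a `kernel.perf_event_paranoid` sysctl default set elsewhere in the commit, which is not visible here. I would state that dependency in the comment, e.g. `# Adds a stricter perf_event_open restriction level; enforced via kernel config / sysctl default, not by this patch alone`, so that a kernel rebase which drops the patch is recognised as a loss of hardening. The patch file name is pinned to 5.15.17, so it is worth confirming that it still applies cleanly on each kernel update. The recipe for `$(TARGET)` begins and ends outside this hunk.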