github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-19 17:26:28 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1326 from riyazdf/kspp-project

Browse Source 
[project] KSPP
This commit is contained in:
Justin Cormack 2017-03-17 18:07:11 +00:00 committed by GitHub
commit bea807ecde
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
projects/kspp/roadmap.md Normal file
View File

@ -0,0 +1,21 @@
# Kernel Self Protection Project (KSPP)
The [Kernel Self Protection Project](https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project) is a community
effort to harden the upstream Linux kernel by eliminating classes of vulnerabilities.
Many similar protections have existed in other projects, but have yet to have been upstreamed. Since Moby is a consumer
of the Linux kernel and aims to be the most secure distro it can be, it is in our maintainers' best interests to collaborate
on upstream Linux security measures.
## Roadmap
**Near-term:**
- We've aligned our `kernel_config` and `sysctl` settings with the
[KSPP recommendations](https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project#Recommended_settings) -
we should continue to track these
- Note: we check for these settings in our CI tests (see `check_kernel_config.sh`)
- @tych0 is working on KSPP patches, which are submitted to the [kernel hardening mailing list](http://www.openwall.com/lists/kernel-hardening/)
**Long-term:**
- Increase involvement in the project