mirror of https://github.com/linuxkit/linuxkit.git, synced 2025-10-26 17:14:06 +00:00
Kernel Self Protection Project (KSPP)
The Kernel Self Protection Project is a community effort to harden the upstream Linux kernel by eliminating classes of vulnerabilities.
Many similar protections have existed in other projects but have yet to be upstreamed. Since Moby is a consumer of the Linux kernel and aims to be the most secure distro it can be, it is in our maintainers' best interests to collaborate on upstream Linux security measures.
Roadmap
Near-term:
- We've aligned our kernel_config and sysctl settings with the KSPP recommendations - we should continue to track these
  - Note: we check for these settings in our CI tests (see check_kernel_config.sh)
- @tych0 is working on KSPP patches, which are submitted to the kernel hardening mailing list
Long-term:
- Increase involvement in the project
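
The near-term item above mentions checking kernel config settings in CI. The following is an added example of such a check, not the project's check_kernel_config.sh: the function names (`audit_kconfig`, `sample_config`), the sample config and the option list (a small illustrative subset of KSPP-recommended settings, to be compared against the current KSPP list) are assumptions made here. It covers only the kernel config, not sysctl.

```shell
#!/bin/sh
# Added example: audit a kernel .config against hardening expectations.
# The option lists are an illustrative subset chosen for this example.

# Options expected to be built in (=y).
REQUIRED_ON="CONFIG_STRICT_KERNEL_RWX CONFIG_DEBUG_WX CONFIG_HARDENED_USERCOPY CONFIG_SLAB_FREELIST_RANDOM CONFIG_FORTIFY_SOURCE"
# Options expected to be disabled.
REQUIRED_OFF="CONFIG_COMPAT_BRK CONFIG_PROC_KCORE CONFIG_LEGACY_PTYS CONFIG_ACPI_CUSTOM_METHOD"

# audit_kconfig FILE: print one line per violation; exit status is the violation count.
audit_kconfig() {
    cfg=$1
    failures=0
    for opt in $REQUIRED_ON; do
        # Anchor both ends so CONFIG_X=m or CONFIG_X_OTHER=y cannot satisfy the check.
        if ! grep -q "^${opt}=y\$" "$cfg"; then
            echo "FAIL ${opt}: expected =y"
            failures=$((failures + 1))
        fi
    done
    for opt in $REQUIRED_OFF; do
        # A disabled option is either absent or written "# CONFIG_X is not set";
        # any "CONFIG_X=<value>" line means it is enabled.
        if grep -q "^${opt}=" "$cfg"; then
            echo "FAIL ${opt}: expected not set"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample config (not taken from any real build).
sample_config() {
    cat <<'EOF'
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_DEBUG_WX=y
CONFIG_HARDENED_USERCOPY=y
# CONFIG_SLAB_FREELIST_RANDOM is not set
CONFIG_FORTIFY_SOURCE=y
# CONFIG_COMPAT_BRK is not set
CONFIG_PROC_KCORE=y
CONFIG_LEGACY_PTYS=y
CONFIG_LEGACY_PTY_COUNT=256
EOF
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
sample_config > "$tmp"
audit_kconfig "$tmp" || echo "violations: $?"
rm -f "$tmp"
```

In CI the non-zero exit status fails the job, and the `FAIL` lines name the options that drifted from the expected settings.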