From: Herton R. Krzesinski <herton(a)redhat.com>
redhat: switch the vsyscall config to CONFIG_LEGACY_VSYSCALL_XONLY=y
Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1876977
As discussed upstream eg. at
https://lore.kernel.org/linux-api/87h7bzjaer.fsf@oldenburg.str.redhat.com/T/
and pointed on the bug's description above, VSYSCALL_XONLY is more
secure while still maintaining useful backward compatibility.
We also plan to do this change on the RHEL side with a centos-stream-9
change, so the change here covers both Fedora and RHEL/CentOS.
Signed-off-by: Herton R. Krzesinski <herton(a)redhat.com>
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
index blahblah..blahblah 100644
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
+++ b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_EMULATE
@@ -1 +1 @@
-CONFIG_LEGACY_VSYSCALL_EMULATE=y
+# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
diff --git a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
index blahblah..blahblah 100644
--- a/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
+++ b/redhat/configs/common/generic/CONFIG_LEGACY_VSYSCALL_XONLY
@@ -1 +1 @@
-# CONFIG_LEGACY_VSYSCALL_XONLY is not set
+CONFIG_LEGACY_VSYSCALL_XONLY=y
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1531