mirror of
https://github.com/aljazceru/kata-containers.git
synced 2026-01-28 10:44:25 +01:00
538528fa9a
There exists a few security-related configs, which are x86-64 specific. CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_RETPOLINE=y CONFIG_RELOCATABLE and CONFIG_RANDOMIZE_BASE are kinds of tangled on aarch64, if CONFIG_RANDOMIZE_BASE=y, then CONFIG_RELOCATABLE will be selected automatically. CONFIG_RANDOMIZE_BASE will randomize the virtual address at which the kernel image is loaded, which as a security feature could deter exploit attempts relying on knowledge of the location of kernel internals. Fixes: #1004 Signed-off-by: Penny Zheng <penny.zheng@arm.com>