Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
Upstream did not backport the IPv6 privacy addresses changes to older LTS kernels. This was done by @anupritaisno1 for the Pixel 5 kernel in GrapheneOS; I'm just opening this pull request. It has been deployed in production and I have tested it myself; it works fine. This can probably also be applied to 5.4, but I have not tried that.
Original issue here: https://github.com/GrapheneOS/os-issue-tracker/issues/235