Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of OpenEmbedded
System Settings
Kernel Configuration
Enable checks on credential management
Enable checks on credential management
An XCCDF Rule
Details
Profiles
Prose
Enable checks on credential management
Low Severity
Enable this to turn on some debug checking for credential management. The additional code keeps track of the number of pointers from task_structs to any given cred struct, and checks to see that this number never exceeds the usage count of the cred struct. Furthermore, if SELinux is enabled, this also checks that the security pointer in the cred struct is never seen to be invalid. The configuration that was used to build kernel is available at
/boot/config-*
. To check the configuration value for
CONFIG_DEBUG_CREDENTIALS
, run the following command:
grep CONFIG_DEBUG_CREDENTIALS /boot/config-*
For each kernel installed, a line with value "y" should be returned.