From 2188c31d0c3d515cdbb443f55815487f933604fa Mon Sep 17 00:00:00 2001
From: Marta Rybczynska <marta.rybczynska@linaro.org>
Date: Fri, 25 Nov 2022 07:54:32 +0100
Subject: [PATCH] security guide: fix table formatting

Signed-off-by: Marta Rybczynska <mrybczynska@syslinbit.com>
---
 security/guide.rst | 112 ++++++++++++++++++++-------------------------
 1 file changed, 49 insertions(+), 63 deletions(-)

diff --git a/security/guide.rst b/security/guide.rst
index 91da34c..742cb0d 100644
--- a/security/guide.rst
+++ b/security/guide.rst
@@ -51,19 +51,17 @@ leaking data freed from memory, and accessing wrong memory zones.
 Source files: ``oniro/meta-oniro-core/recipes-kernel/linux/linux/hardening_allocator.cfg``
 and ``oniro/meta-oniro-core/recipes-kernel/linux/linux/hardening_allocator_perf.cfg``.
 
-```
-+---------------------------------+-------------+
-| Config option                   | Oniro state |
-+=================================+=============+
-| CONFIG_SLAB_FREELIST_RANDOM     | On          |
-| CONFIG_SLAB_FREELIST_HARDENED   | On          |
-| CONFIG_SHUFFLE_PAGE_ALLOCATOR   | On          |
-| CONFIG_PAGE_POISONING           | On          |
-| CONFIG_PAGE_POISONING_NO_SANITY | On          |
-| CONFIG_PAGE_POISONING_ZERO      | On          |
-| CONFIG_INIT_ON_ALLOC_DEFAULT_ON | On          |
-+---------------------------------+-------------+
-```
++-------------------------------------+-------------+
+| Config option                       | Oniro state |
++=====================================+=============+
+| ``CONFIG_SLAB_FREELIST_RANDOM``     | On          |
+| ``CONFIG_SLAB_FREELIST_HARDENED``   | On          |
+| ``CONFIG_SHUFFLE_PAGE_ALLOCATOR``   | On          |
+| ``CONFIG_PAGE_POISONING``           | On          |
+| ``CONFIG_PAGE_POISONING_NO_SANITY`` | On          |
+| ``CONFIG_PAGE_POISONING_ZERO``      | On          |
+| ``CONFIG_INIT_ON_ALLOC_DEFAULT_ON`` | On          |
++-------------------------------------+-------------+
 
 **CONFIG_SLAB_FREELIST_RANDOM=y**
 
@@ -150,15 +148,13 @@ Reducing Attack Surface
 The following options remove some obsolete or un-needed features, which could
 make attacks easier:
 
-```
-+---------------------------------+-------------+
-| Config option                   | Oniro state |
-+=================================+=============+
-| CONFIG_COMPAT_BRK               | Off         |
-| CONFIG_PROC_KCORE               | Off         |
-| CONFIG_BINFMT_MISC              | Off         |
-+---------------------------------+-------------+
-```
++-------------------------------------+-------------+
+| Config option                       | Oniro state |
++=====================================+=============+
+| ``CONFIG_COMPAT_BRK``               | Off         |
+| ``CONFIG_PROC_KCORE``               | Off         |
+| ``CONFIG_BINFMT_MISC``              | Off         |
++-------------------------------------+-------------+
 
 **Option: CONFIG_COMPAT_BRK is not set**
 
@@ -200,13 +196,11 @@ Dmesg Options
 
 Those options are related to the kernel log in ``dmesg``:
 
-```
-+---------------------------------+-------------+
-| Config option                   | Oniro state |
-+=================================+=============+
-| CONFIG_SECURITY_DMESG_RESTRICT  | On          |
-+---------------------------------+-------------+
-```
++-------------------------------------+-------------+
+| Config option                       | Oniro state |
++=====================================+=============+
+| ``CONFIG_SECURITY_DMESG_RESTRICT``  | On          |
++-------------------------------------+-------------+
 
 Source files: ``oniro/meta-oniro-core/recipes-kernel/linux/linux/hardening_dmesg.cfg``
 
@@ -225,13 +219,11 @@ Compiler-level Hardening
 
 Those options enable checks done by the compiler:
 
-```
-+---------------------------------+-------------+
-| Config option                   | Oniro state |
-+=================================+=============+
-| CONFIG_FORTIFY_SOURCE           | On          |
-+---------------------------------+-------------+
-```
++-------------------------------------+-------------+
+| Config option                       | Oniro state |
++=====================================+=============+
+| ``CONFIG_FORTIFY_SOURCE``           | On          |
++-------------------------------------+-------------+
 
 Source file: ``oniro/meta-oniro-core/recipes-kernel/linux/linux/hardening_fortify_source.cfg``.
 
@@ -249,14 +241,12 @@ Memory Accesses
 With those options we disable the complete physical memory access and detect
 unsafe memory permissions:
 
-```
-+-------------------------------+-------------+
-| Config option                 | Oniro state |
-+===============================+=============+
-| CONFIG_DEBUG_WX               | On          |
-| CONFIG_DEVMEM                 | Off         |
-+-------------------------------+-------------+
-```
++----------------------------------+-------------+
+| Config option                    | Oniro state |
++==================================+=============+
+| ``CONFIG_DEBUG_WX``              | On          |
+| ``CONFIG_DEVMEM``                | Off         |
++----------------------------------+-------------+
 
 Source file: ``oniro/meta-oniro-core/recipes-kernel/linux/linux/hardening_memory.cfg``.
 
@@ -296,14 +286,12 @@ Copying from Userspace
 Those options add verification when copying potentially malicious data from
 the user space:
 
-```
-+-----------------------------------+-------------+
-| Config option                     | Oniro state |
-+===================================+=============+
-| CONFIG_HARDENED_USERCOPY          | On          |
-| CONFIG_HARDENED_USERCOPY_FALLBACK | Off         |
-+-----------------------------------+-------------+
-```
++---------------------------------------+-------------+
+| Config option                         | Oniro state |
++=======================================+=============+
+| ``CONFIG_HARDENED_USERCOPY``          | On          |
+| ``CONFIG_HARDENED_USERCOPY_FALLBACK`` | Off         |
++---------------------------------------+-------------+
 
 File: ``oniro/meta-oniro-core/recipes-kernel/linux/linux/hardening_usercopy.cfg``.
 
@@ -345,17 +333,15 @@ Data Validation
 
 With those options we add verification of the internal kernel data structures:
 
-```
-+---------------------------------+-------------+
-| Config option                   | Oniro state |
-+=================================+=============+
-| CONFIG_DEBUG_NOTIFIERS          | On          |
-| CONFIG_DEBUG_LIST               | On          |
-| CONFIG_DEBUG_SG                 | On          |
-| CONFIG_BUG_ON_DATA_CORRUPTION   | On          |
-| CONFIG_SCHED_STACK_END_CHECK    | On          |
-+---------------------------------+-------------+
-```
++-------------------------------------+-------------+
+| Config option                       | Oniro state |
++=====================================+=============+
+| ``CONFIG_DEBUG_NOTIFIERS``          | On          |
+| ``CONFIG_DEBUG_LIST``               | On          |
+| ``CONFIG_DEBUG_SG``                 | On          |
+| ``CONFIG_BUG_ON_DATA_CORRUPTION``   | On          |
+| ``CONFIG_SCHED_STACK_END_CHECK``    | On          |
++-------------------------------------+-------------+
 
 File: ``oniro/meta-oniro-core/recipes-kernel/linux/linux/hardening_validation_checks.cfg``.
 
-- 
GitLab