security guide: update formatting

One more fix... this time it is impeccable.

Update table and variables formatting.

Signed-off-by: Marta Rybczynska marta.rybczynska@linaro.org

security/guide.rst

@@ -55,11 +55,17 @@ and ``oniro/meta-oniro-core/recipes-kernel/linux/linux/hardening_allocator_perf.
 | Config option                       | Oniro state |
 +=====================================+=============+
 | ``CONFIG_SLAB_FREELIST_RANDOM``     | On          |
++-------------------------------------+-------------+
 | ``CONFIG_SLAB_FREELIST_HARDENED``   | On          |
++-------------------------------------+-------------+
 | ``CONFIG_SHUFFLE_PAGE_ALLOCATOR``   | On          |
++-------------------------------------+-------------+
 | ``CONFIG_PAGE_POISONING``           | On          |
++-------------------------------------+-------------+
 | ``CONFIG_PAGE_POISONING_NO_SANITY`` | On          |
++-------------------------------------+-------------+
 | ``CONFIG_PAGE_POISONING_ZERO``      | On          |
++-------------------------------------+-------------+
 | ``CONFIG_INIT_ON_ALLOC_DEFAULT_ON`` | On          |
 +-------------------------------------+-------------+
 
@@ -152,7 +158,9 @@ make attacks easier:
 | Config option                       | Oniro state |
 +=====================================+=============+
 | ``CONFIG_COMPAT_BRK``               | Off         |
++-------------------------------------+-------------+
 | ``CONFIG_PROC_KCORE``               | Off         |
++-------------------------------------+-------------+
 | ``CONFIG_BINFMT_MISC``              | Off         |
 +-------------------------------------+-------------+
 
@@ -245,6 +253,7 @@ unsafe memory permissions:
 | Config option                    | Oniro state |
 +==================================+=============+
 | ``CONFIG_DEBUG_WX``              | On          |
++----------------------------------+-------------+
 | ``CONFIG_DEVMEM``                | Off         |
 +----------------------------------+-------------+
 
@@ -290,6 +299,7 @@ the user space:
 | Config option                         | Oniro state |
 +=======================================+=============+
 | ``CONFIG_HARDENED_USERCOPY``          | On          |
++---------------------------------------+-------------+
 | ``CONFIG_HARDENED_USERCOPY_FALLBACK`` | Off         |
 +---------------------------------------+-------------+
 
@@ -337,9 +347,13 @@ With those options we add verification of the internal kernel data structures:
 | Config option                       | Oniro state |
 +=====================================+=============+
 | ``CONFIG_DEBUG_NOTIFIERS``          | On          |
++-------------------------------------+-------------+
 | ``CONFIG_DEBUG_LIST``               | On          |
++-------------------------------------+-------------+
 | ``CONFIG_DEBUG_SG``                 | On          |
++-------------------------------------+-------------+
 | ``CONFIG_BUG_ON_DATA_CORRUPTION``   | On          |
++-------------------------------------+-------------+
 | ``CONFIG_SCHED_STACK_END_CHECK``    | On          |
 +-------------------------------------+-------------+
 
@@ -427,10 +441,10 @@ IOMMU is not enabled yet.
 
 KSPP [2]_ recomends setting up the following:
 
-```
-CONFIG_PANIC_ON_OOPS=y
-CONFIG_PANIC_TIMEOUT=-1
-```
+.. code-block:: console
+
+    CONFIG_PANIC_ON_OOPS=y
+    CONFIG_PANIC_TIMEOUT=-1
 
 They cause the kernel to reboot on serious error (Oops, see
 ``the Oops Wikipedia page <https://en.wikipedia.org/wiki/Linux_kernel_oops>``