My question would be “how do hardening kargs differ from a hardened kernel”?
Kargs can be dynamically applied and work easily on immutable distros. Tbh a monolithic unhardened kernel is my biggest problem with immutable Distros, as changing that is quite drastic.
My question would be “how do hardening kargs differ from a hardened kernel”?
Kargs can be dynamically applied and work easily on immutable distros. Tbh a monolithic unhardened kernel is my biggest problem with immutable Distros, as changing that is quite drastic.
It really depends on what flags the hardened kernel has. You might get the same result with args or you may get something totally different.
If you want to learn more try Gentoo
The Secureblue hardening kargs are a good compilation from multiple sources