slkernel holds the kernel packaging and configuration for Sunlight Linux — the build recipe and the kernel .config that produce the distribution's kernel. The kernel runs with full hardware privileges, so configuration and packaging choices here are security-relevant:

• Kernel hardening options — e.g. CONFIG_STRICT_KERNEL_RWX, CONFIG_FORTIFY_SOURCE, CONFIG_RANDOMIZE_BASE, CONFIG_INIT_ON_ALLOC_DEFAULT_ON.
• Module signing / lockdown — CONFIG_MODULE_SIG*, CONFIG_SECURITY_LOCKDOWN_LSM.
• Source integrity — the upstream tarball/tag must be verified (checksum / signature) before building.
• Applied patches — out-of-tree patches change kernel behavior; each should be justified and reviewed.
• Build reproducibility — an auditable, reproducible config and recipe.

If you discover a security issue in the Sunlight Linux kernel packaging or configuration — for example a disabled hardening option, an unverified source, or a suspicious patch — please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please send an email to: [email protected]

Include:

• Description of the issue
• The affected config option / patch / recipe step
• Potential impact
• Suggested fix (if any)

You should receive a response within 48 hours. We will coordinate a fix before any public disclosure.

For vulnerabilities in the upstream Linux kernel itself (not Sunlight's packaging), report them to the upstream kernel security process.