[arch-commits] Commit in linux-grsec/trunk (PKGBUILD sysctl.conf)

Daniel Micay thestinger at nymeria.archlinux.org
Wed Jun 25 02:11:01 UTC 2014


    Date: Wednesday, June 25, 2014 @ 04:11:01
  Author: thestinger
Revision: 113529

enable container-compatible chroot restrictions by default

Modified:
  linux-grsec/trunk/PKGBUILD
  linux-grsec/trunk/sysctl.conf

-------------+
 PKGBUILD    |    2 +-
 sysctl.conf |   12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-06-24 21:19:53 UTC (rev 113528)
+++ PKGBUILD	2014-06-25 02:11:01 UTC (rev 113529)
@@ -38,7 +38,7 @@
             'ca7e718375b3790888756cc0a64a7500cd57dddb9bf7e10a0df22c860d91f74d'
             'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182'
             '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18'
-            '763f9323cdefc9ddf74ffeffd856f9eaec4d8d4ef702c88ee1aab429c2d0b389')
+            'd4d4ae0b9c510547f47d94582e4ca08a7f12e9baf324181cb54d328027305e31')
 
 _kernelname=${pkgbase#linux}
 

Modified: sysctl.conf
===================================================================
--- sysctl.conf	2014-06-24 21:19:53 UTC (rev 113528)
+++ sysctl.conf	2014-06-25 02:11:01 UTC (rev 113529)
@@ -44,21 +44,21 @@
 #kernel.grsecurity.romount_protect = 1
 
 #
-# chroot restrictions (many of these will break containers)
+# chroot restrictions (the commented options will break containers)
 #
 
 #kernel.grsecurity.chroot_caps = 1
 #kernel.grsecurity.chroot_deny_chmod = 1
 #kernel.grsecurity.chroot_deny_chroot = 1
-#kernel.grsecurity.chroot_deny_fchdir = 1
+kernel.grsecurity.chroot_deny_fchdir = 1
 #kernel.grsecurity.chroot_deny_mknod = 1
 #kernel.grsecurity.chroot_deny_mount = 1
 #kernel.grsecurity.chroot_deny_pivot = 1
-#kernel.grsecurity.chroot_deny_shmat = 1
-#kernel.grsecurity.chroot_deny_sysctl = 1
-#kernel.grsecurity.chroot_deny_unix = 1
+kernel.grsecurity.chroot_deny_shmat = 1
+kernel.grsecurity.chroot_deny_sysctl = 1
+kernel.grsecurity.chroot_deny_unix = 1
 kernel.grsecurity.chroot_enforce_chdir = 1
-#kernel.grsecurity.chroot_findtask = 1
+kernel.grsecurity.chroot_findtask = 1
 #kernel.grsecurity.chroot_restrict_nice = 1
 
 #
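Review bot: The five toggles switched on here (chroot_deny_fchdir, chroot_deny_shmat, chroot_deny_sysctl, chroot_deny_unix, chroot_findtask) are ordinary runtime-writable sysctls, and nothing in this hunk shows `kernel.grsecurity.grsec_lock = 1`; unless that key is already set further down the file, a root process can simply write 0 back to any of them, so the defaults are advisory rather than enforced. If it is missing, `kernel.grsecurity.grsec_lock = 1` needs to be the last line of sysctl.conf, since the lock also freezes every key processed after it. The new header comment `# chroot restrictions (the commented options will break containers)` explains why the remaining options stay off but says nothing about what the enabled ones actually forbid; a one-line comment above the group such as `# enabled: block fchdir/shmat/sysctl/abstract-unix-socket escapes and hide tasks outside the chroot` would let a reader judge the trade-off without consulting the grsecurity docs. Whether chroot_deny_unix interferes with container workloads that talk to host abstract Unix sockets is not something this diff establishes; if that was tested, noting it in the comment would save the next person from re-verifying. The rest of sysctl.conf, including any grsec_lock line, lies outside the hunk.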



