[arch-commits] Commit in linux-grsec/trunk (PKGBUILD sysctl.conf)
Daniel Micay
thestinger at nymeria.archlinux.org
Wed Jun 25 02:11:01 UTC 2014
Date: Wednesday, June 25, 2014 @ 04:11:01
Author: thestinger
Revision: 113529
enable container-compatible chroot restrictions by default
Modified:
linux-grsec/trunk/PKGBUILD
linux-grsec/trunk/sysctl.conf
-------------+
PKGBUILD | 2 +-
sysctl.conf | 12 ++++++------
2 files changed, 7 insertions(+), 7 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-06-24 21:19:53 UTC (rev 113528)
+++ PKGBUILD 2014-06-25 02:11:01 UTC (rev 113529)
@@ -38,7 +38,7 @@
'ca7e718375b3790888756cc0a64a7500cd57dddb9bf7e10a0df22c860d91f74d'
'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182'
'79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18'
- '763f9323cdefc9ddf74ffeffd856f9eaec4d8d4ef702c88ee1aab429c2d0b389')
+ 'd4d4ae0b9c510547f47d94582e4ca08a7f12e9baf324181cb54d328027305e31')
_kernelname=${pkgbase#linux}
Modified: sysctl.conf
===================================================================
--- sysctl.conf 2014-06-24 21:19:53 UTC (rev 113528)
+++ sysctl.conf 2014-06-25 02:11:01 UTC (rev 113529)
@@ -44,21 +44,21 @@
#kernel.grsecurity.romount_protect = 1
#
-# chroot restrictions (many of these will break containers)
+# chroot restrictions (the commented options will break containers)
#
#kernel.grsecurity.chroot_caps = 1
#kernel.grsecurity.chroot_deny_chmod = 1
#kernel.grsecurity.chroot_deny_chroot = 1
-#kernel.grsecurity.chroot_deny_fchdir = 1
+kernel.grsecurity.chroot_deny_fchdir = 1
#kernel.grsecurity.chroot_deny_mknod = 1
#kernel.grsecurity.chroot_deny_mount = 1
#kernel.grsecurity.chroot_deny_pivot = 1
-#kernel.grsecurity.chroot_deny_shmat = 1
-#kernel.grsecurity.chroot_deny_sysctl = 1
-#kernel.grsecurity.chroot_deny_unix = 1
+kernel.grsecurity.chroot_deny_shmat = 1
+kernel.grsecurity.chroot_deny_sysctl = 1
+kernel.grsecurity.chroot_deny_unix = 1
kernel.grsecurity.chroot_enforce_chdir = 1
-#kernel.grsecurity.chroot_findtask = 1
+kernel.grsecurity.chroot_findtask = 1
#kernel.grsecurity.chroot_restrict_nice = 1
#
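Review bot: The five settings uncommented in this hunk (chroot_deny_fchdir, chroot_deny_shmat, chroot_deny_sysctl, chroot_deny_unix, chroot_findtask) carry no comment saying what each one blocks, and the reworded section header only describes the options that stay commented. They apply to every chrooted process, not only to containers, so a chrooted daemon that reaches a service outside the chroot through an abstract unix socket or a shared memory segment would presumably start failing after this update. A line above the block such as `# enabled: deny fchdir/shmat/abstract unix sockets out of the chroot, sysctl writes in it, and access to outside processes` would make such a failure traceable to this file. Whether `kernel.grsecurity.grsec_lock` is set is not visible in this hunk; if it is not, root outside a chroot can switch these defaults off again at runtime, which is worth stating next to them.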