authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2014-06-26 17:45:45 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2014-06-26 17:45:45 -0300
commitaa41b0f81387ce2adb44aaddbb2cefbbb7473f5e (patch)
tree1bce8d5a52b7103d496b86d6677c6a4c0a10aef8 /libre/linux-libre-grsec/sysctl.conf
parent5e8fd240f188ba2ba339d9fcbf54d1adcbfae649 (diff)
linux-libre-grsec-3.15.1.201406222112-3: updating revision
* enable container-compatible chroot restrictions by default * add missing module
Diffstat (limited to 'libre/linux-libre-grsec/sysctl.conf')
-rw-r--r--libre/linux-libre-grsec/sysctl.conf12
1 files changed, 6 insertions, 6 deletions
diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf
index ebd4dd574..a5f6bf83e 100644
--- a/libre/linux-libre-grsec/sysctl.conf
+++ b/libre/linux-libre-grsec/sysctl.conf
@@ -44,21 +44,21 @@ kernel.grsecurity.fifo_restrictions = 1
#kernel.grsecurity.romount_protect = 1
#
-# chroot restrictions (many of these will break containers)
+# chroot restrictions (the commented options will break containers)
#
#kernel.grsecurity.chroot_caps = 1
#kernel.grsecurity.chroot_deny_chmod = 1
#kernel.grsecurity.chroot_deny_chroot = 1
-#kernel.grsecurity.chroot_deny_fchdir = 1
+kernel.grsecurity.chroot_deny_fchdir = 1
#kernel.grsecurity.chroot_deny_mknod = 1
#kernel.grsecurity.chroot_deny_mount = 1
#kernel.grsecurity.chroot_deny_pivot = 1
-#kernel.grsecurity.chroot_deny_shmat = 1
-#kernel.grsecurity.chroot_deny_sysctl = 1
-#kernel.grsecurity.chroot_deny_unix = 1
+kernel.grsecurity.chroot_deny_shmat = 1
+kernel.grsecurity.chroot_deny_sysctl = 1
+kernel.grsecurity.chroot_deny_unix = 1
kernel.grsecurity.chroot_enforce_chdir = 1
-#kernel.grsecurity.chroot_findtask = 1
+kernel.grsecurity.chroot_findtask = 1
#kernel.grsecurity.chroot_restrict_nice = 1
#