summaryrefslogtreecommitdiff
path: root/libre/linux-libre-grsec/sysctl.conf
diff options
context:
space:
mode:
Diffstat (limited to 'libre/linux-libre-grsec/sysctl.conf')
-rw-r--r--libre/linux-libre-grsec/sysctl.conf12
1 files changed, 6 insertions, 6 deletions
diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf
index ebd4dd574..a5f6bf83e 100644
--- a/libre/linux-libre-grsec/sysctl.conf
+++ b/libre/linux-libre-grsec/sysctl.conf
@@ -44,21 +44,21 @@ kernel.grsecurity.fifo_restrictions = 1
#kernel.grsecurity.romount_protect = 1
#
-# chroot restrictions (many of these will break containers)
+# chroot restrictions (the commented options will break containers)
#
#kernel.grsecurity.chroot_caps = 1
#kernel.grsecurity.chroot_deny_chmod = 1
#kernel.grsecurity.chroot_deny_chroot = 1
-#kernel.grsecurity.chroot_deny_fchdir = 1
+kernel.grsecurity.chroot_deny_fchdir = 1
#kernel.grsecurity.chroot_deny_mknod = 1
#kernel.grsecurity.chroot_deny_mount = 1
#kernel.grsecurity.chroot_deny_pivot = 1
-#kernel.grsecurity.chroot_deny_shmat = 1
-#kernel.grsecurity.chroot_deny_sysctl = 1
-#kernel.grsecurity.chroot_deny_unix = 1
+kernel.grsecurity.chroot_deny_shmat = 1
+kernel.grsecurity.chroot_deny_sysctl = 1
+kernel.grsecurity.chroot_deny_unix = 1
kernel.grsecurity.chroot_enforce_chdir = 1
-#kernel.grsecurity.chroot_findtask = 1
+kernel.grsecurity.chroot_findtask = 1
#kernel.grsecurity.chroot_restrict_nice = 1
#