diff options
Diffstat (limited to 'libre/linux-libre-grsec/sysctl.conf')
-rw-r--r-- | libre/linux-libre-grsec/sysctl.conf | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf index ebd4dd574..a5f6bf83e 100644 --- a/libre/linux-libre-grsec/sysctl.conf +++ b/libre/linux-libre-grsec/sysctl.conf @@ -44,21 +44,21 @@ kernel.grsecurity.fifo_restrictions = 1 #kernel.grsecurity.romount_protect = 1 # -# chroot restrictions (many of these will break containers) +# chroot restrictions (the commented options will break containers) # #kernel.grsecurity.chroot_caps = 1 #kernel.grsecurity.chroot_deny_chmod = 1 #kernel.grsecurity.chroot_deny_chroot = 1 -#kernel.grsecurity.chroot_deny_fchdir = 1 +kernel.grsecurity.chroot_deny_fchdir = 1 #kernel.grsecurity.chroot_deny_mknod = 1 #kernel.grsecurity.chroot_deny_mount = 1 #kernel.grsecurity.chroot_deny_pivot = 1 -#kernel.grsecurity.chroot_deny_shmat = 1 -#kernel.grsecurity.chroot_deny_sysctl = 1 -#kernel.grsecurity.chroot_deny_unix = 1 +kernel.grsecurity.chroot_deny_shmat = 1 +kernel.grsecurity.chroot_deny_sysctl = 1 +kernel.grsecurity.chroot_deny_unix = 1 kernel.grsecurity.chroot_enforce_chdir = 1 -#kernel.grsecurity.chroot_findtask = 1 +kernel.grsecurity.chroot_findtask = 1 #kernel.grsecurity.chroot_restrict_nice = 1 # |