base-files: kernel hardening
parent
203594e53d
commit
a8fa975f9f
2 changed files with 16 additions and 1 deletions
|
@ -4,3 +4,18 @@ kernel.core_uses_pid = 1
|
||||||
# Enable hard and soft link protection
|
# Enable hard and soft link protection
|
||||||
fs.protected_hardlinks=1
|
fs.protected_hardlinks=1
|
||||||
fs.protected_symlinks=1
|
fs.protected_symlinks=1
|
||||||
|
|
||||||
|
# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
|
||||||
|
kernel.kptr_restrict=1
|
||||||
|
|
||||||
|
# Avoid kernel memory address exposures via dmesg.
|
||||||
|
kernel.dmesg_restrict=1
|
||||||
|
|
||||||
|
# Block non-uid-0 kernel profiling
|
||||||
|
kernel.perf_event_paranoid=2
|
||||||
|
|
||||||
|
# Turn off kexec, even if it's built in.
|
||||||
|
kernel.kexec_load_disabled=1
|
||||||
|
|
||||||
|
# Avoid non-ancestor ptrace access to running processes and their credentials.
|
||||||
|
kernel.yama.ptrace_scope=1
|
||||||
|
|
|
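Review bot: `kernel.kexec_load_disabled=1` is a one-way switch, and the comment above it does not say so: once the kernel accepts the write, the value cannot be set back to 0 until the next reboot, so a later sysctl write cannot undo it. Shipping it in base-files means any kexec-based reboot or kdump crash-kernel load that runs after sysctls are applied will fail, and an administrator who needs kexec has to keep this line from being applied at all. I would extend the comment to something like `# Turn off kexec, even if it's built in. One-way until reboot: load any crash kernel before sysctls are applied.` Separately, the `perf_event_paranoid` comment reads as a uid check, but level 2 gates kernel profiling on a capability (CAP_PERFMON or CAP_SYS_ADMIN) and is already the upstream default on recent kernels; `# Restrict kernel profiling to processes holding CAP_PERFMON/CAP_SYS_ADMIN` would describe it more accurately.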
@ -1,7 +1,7 @@
|
||||||
# Template file for 'base-files'
|
# Template file for 'base-files'
|
||||||
pkgname=base-files
|
pkgname=base-files
|
||||||
version=0.139
|
version=0.139
|
||||||
revision=4
|
revision=5
|
||||||
bootstrap=yes
|
bootstrap=yes
|
||||||
depends="xbps-triggers"
|
depends="xbps-triggers"
|
||||||
short_desc="Void Linux base system files"
|
short_desc="Void Linux base system files"
|
||||||
|
|