base-files: kernel hardening

Andrea Brancaleoni 2016-12-12 01:22:17 +01:00 committed by Andrea Brancaleoni
parent 203594e53d
commit a8fa975f9f
2 changed files with 16 additions and 1 deletions


@ -4,3 +4,18 @@ kernel.core_uses_pid = 1
# Enable hard and soft link protection # Enable hard and soft link protection
fs.protected_hardlinks=1 fs.protected_hardlinks=1
fs.protected_symlinks=1 fs.protected_symlinks=1
# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
kernel.kptr_restrict=1
# Avoid kernel memory address exposures via dmesg.
kernel.dmesg_restrict=1
# Block non-uid-0 kernel profiling
kernel.perf_event_paranoid=2
# Turn off kexec, even if it's built in.
kernel.kexec_load_disabled=1
# Avoid non-ancestor ptrace access to running processes and their credentials.
kernel.yama.ptrace_scope=1
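Review bot: `kernel.kexec_load_disabled=1` is a one-way toggle: once it is set, the kernel refuses to clear it until the next reboot, so an administrator cannot undo this default at runtime with `sysctl -w`. Shipping it in base-files means any kexec-based reboot or kdump crash-kernel load that runs after sysctl is applied will fail, and the only way out is to override the file and reboot. The comment should state that, for example `# Turn off kexec, even if it's built in. One-way until reboot; override this entry if you need kexec or kdump.` The `kernel.dmesg_restrict` and `kernel.yama.ptrace_scope` comments could likewise name the visible effect for non-root users (no `dmesg`, no attaching a debugger to a non-child process), and `ptrace_scope` presumably only applies on kernels built with Yama.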


@ -1,7 +1,7 @@
# Template file for 'base-files' # Template file for 'base-files'
pkgname=base-files pkgname=base-files
version=0.139 version=0.139
revision=4 revision=5
bootstrap=yes bootstrap=yes
depends="xbps-triggers" depends="xbps-triggers"
short_desc="Void Linux base system files" short_desc="Void Linux base system files"