eb7791ed34
eBPF allowed a fair amount of local privilege escalation in the past, disallow it for ordinary users by default.
15 lines
458 B
Text
15 lines
458 B
Text
# These are hardening options that users should typically not be altering.
|
|
# User-alterable options are in 10-void-user.conf.
|
|
|
|
# Append the PID to the core filename
|
|
kernel.core_uses_pid=1
|
|
|
|
# Enable hard and soft link protection
|
|
fs.protected_hardlinks=1
|
|
fs.protected_symlinks=1
|
|
|
|
# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
|
|
kernel.kptr_restrict=1
|
|
|
|
# Block non-uid-0 kernel profiling
|
|
kernel.perf_event_paranoid=2
|