author | Bertrand Jacquin <bertrand@jacquin.bzh> | 2020-01-09 00:55:29 +0000 |
---|---|---|
committer | Bertrand Jacquin <bertrand@jacquin.bzh> | 2020-01-09 00:55:29 +0000 |
commit | 8b57fc3a3b65d3499fa3d68aefffb29c50622a7d (patch) | |
tree | 4974221a92d99288902e767f69f97d82647e1413 | |
parent | factory-default: define kernel.perf_event_paranoid sysctl (diff) | |
download | portage-8b57fc3a3b65d3499fa3d68aefffb29c50622a7d.tar.xz |
factory-default: define kernel.unprivileged_bpf_disabled sysctl
-rw-r--r-- | factory-default/sys-apps/baselayout/etc/sysctl.conf | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index 8882326f..35fd94ba 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -38,6 +38,9 @@ kernel.dmesg_restrict = 1
 # Disallow kernel profiling by users without CAP_SYS_ADMIN
 kernel.perf_event_paranoid = 2
 
+# Turn off unprivileged eBPF access.
+kernel.unprivileged_bpf_disabled = 1
+
 # Do not allow O_CREAT open on regular files that we don't own in world
 # writable sticky directories, unless they are owned by the owner of the
 # directory |
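Review bot: The comment on the added `kernel.unprivileged_bpf_disabled = 1` line does not say who may still call bpf() or that the value is one-way, unlike the `perf_event_paranoid` comment just above it, which names the capability. With the value 1 the kernel refuses to set it back to 0 until the next reboot, so an operator who edits this file and re-runs sysctl will not get the old behaviour back. I would word the comment as `# Restrict the bpf() syscall to privileged users (CAP_SYS_ADMIN). Once set to 1,` followed by `# this cannot be switched back to 0 without a reboot.` The key only exists on kernels built with the bpf() syscall, so on other kernels loading this file will presumably report an unknown key; it may be worth noting that too.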