factory-default/sys-apps/baselayout: disable fs.suid_dumpable sysctl

author: Bertrand Jacquin <bertrand@jacquin.bzh> 2019-09-16 23:42:26 +0100
committer: Bertrand Jacquin <bertrand@jacquin.bzh> 2019-09-16 23:42:26 +0100
commit: 854fd4e99fbda97e412e54a3abee78740ae73b19 (patch)
tree: b706960eee82326e71cb789cfe9cf6f6e3d35b9e /factory-default
parent: factory-default/sys-apps/baselayout: enable fs.protected_* sysctl (diff)
download: portage-854fd4e99fbda97e412e54a3abee78740ae73b19.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index 7e0d51fc..d3754c81 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -43,6 +43,10 @@ fs.protected_symlinks = 1
 # the source file
 fs.protected_hardlinks = 1
 
+# Any process which has changed privilege levels or is execute only will not
+# be dumped
+fs.suid_dumpable = 0
+
 # Uses a "never overcommit" policy that attempts to prevent any overcommit
 # of memory
 vm.overcommit_memory = 2
author	Bertrand Jacquin <bertrand@jacquin.bzh>	2019-09-16 23:42:26 +0100
committer	Bertrand Jacquin <bertrand@jacquin.bzh>	2019-09-16 23:42:26 +0100
commit	854fd4e99fbda97e412e54a3abee78740ae73b19 (patch)
tree	b706960eee82326e71cb789cfe9cf6f6e3d35b9e /factory-default
parent	factory-default/sys-apps/baselayout: enable fs.protected_* sysctl (diff)
download	portage-854fd4e99fbda97e412e54a3abee78740ae73b19.tar.xz