authorBertrand Jacquin <bertrand@jacquin.bzh>2020-01-09 00:55:29 +0000
committerBertrand Jacquin <bertrand@jacquin.bzh>2020-01-09 00:55:29 +0000
commit8b57fc3a3b65d3499fa3d68aefffb29c50622a7d (patch)
tree4974221a92d99288902e767f69f97d82647e1413 /factory-default
parentfactory-default: define kernel.perf_event_paranoid sysctl (diff)
factory-default: define kernel.unprivileged_bpf_disabled sysctl
Diffstat (limited to 'factory-default')
-rw-r--r--factory-default/sys-apps/baselayout/etc/sysctl.conf3
1 files changed, 3 insertions, 0 deletions
diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index 8882326f..35fd94ba 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -38,6 +38,9 @@ kernel.dmesg_restrict = 1
# Disallow kernel profiling by users without CAP_SYS_ADMIN
kernel.perf_event_paranoid = 2
+# Turn off unprivileged eBPF access.
+kernel.unprivileged_bpf_disabled = 1
+
# Do not allow O_CREAT open on regular files that we don't own in world
# writable sticky directories, unless they are owned by the owner of the
# directory
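Review bot: The comment added above `kernel.unprivileged_bpf_disabled = 1` does not mention that this value is a one-way switch. Per the kernel's sysctl documentation, once it is written as 1 it cannot be set back to 0 on the running system, so anyone who needs unprivileged bpf() for debugging must edit this file and reboot. The comment could say so, in the same style as the perf_event_paranoid comment just above it: `# Turn off unprivileged eBPF access: bpf() then requires CAP_SYS_ADMIN, and the setting cannot be reverted without a reboot.` Newer kernels also appear to accept a value of 2, which disables unprivileged access but lets an administrator change it later; whether that suits the kernels this profile targets would need confirming.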