factory-default/sys-apps/baselayout: set net.core.bpf_jit_harden=2

author: Bertrand Jacquin <bertrand@jacquin.bzh> 2019-09-29 01:09:52 +0100
committer: Bertrand Jacquin <bertrand@jacquin.bzh> 2019-09-29 01:09:52 +0100
commit: 9ee4519bda7e627608aba18b58f3a95a08ddb8aa (patch)
tree: 7d0b38c8dd47024bf4174858dac32d42f7601bda /factory-default
parent: factory-default/app-admin/sudo: add /etc/sudoers (diff)
download: portage-9ee4519bda7e627608aba18b58f3a95a08ddb8aa.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index b49c7bce..98cd5d81 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -64,6 +64,9 @@ net.core.somaxconn = 32767
 # interface receives packets faster than kernel can process them.
 net.core.netdev_max_backlog = 5000
 
+# enable JIT hardening for all users
+net.core.bpf_jit_harden = 2
+
 # TCP congestion control with BBR (Bottleneck Bandwidth and RTT)
 net.core.default_qdisc = fq
 net.ipv4.tcp_congestion_control = bbr
author	Bertrand Jacquin <bertrand@jacquin.bzh>	2019-09-29 01:09:52 +0100
committer	Bertrand Jacquin <bertrand@jacquin.bzh>	2019-09-29 01:09:52 +0100
commit	9ee4519bda7e627608aba18b58f3a95a08ddb8aa (patch)
tree	7d0b38c8dd47024bf4174858dac32d42f7601bda /factory-default
parent	factory-default/app-admin/sudo: add /etc/sudoers (diff)
download	portage-9ee4519bda7e627608aba18b58f3a95a08ddb8aa.tar.xz