From 69aabff79a2cece36dcbd43d583ef43ee2c8e423 Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin <bertrand@jacquin.bzh>
Date: Mon, 16 Sep 2019 23:41:14 +0100
Subject: factory-default/sys-apps/baselayout: enable kernel.kptr_restrict
 sysctl

---
 factory-default/sys-apps/baselayout/etc/sysctl.conf | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'factory-default')

diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index 5eba904b..9e2e1466 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -21,6 +21,10 @@ kernel.panic = 5
 # randomization.
 kernel.randomize_va_space = 2
 
+# kernel pointers printed using the %pK format specifier will be replaced
+# with 0's unless the user has CAP_SYSLOG
+kernel.kptr_restrict = 1
+
 # Uses a "never overcommit" policy that attempts to prevent any overcommit
 # of memory
 vm.overcommit_memory = 2
-- 
cgit v1.2.3