From 854fd4e99fbda97e412e54a3abee78740ae73b19 Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin
Date: Mon, 16 Sep 2019 23:42:26 +0100
Subject: factory-default/sys-apps/baselayout: disable fs.suid_dumpable sysctl
---
 factory-default/sys-apps/baselayout/etc/sysctl.conf | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'factory-default')
diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index 7e0d51fc..d3754c81 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -43,6 +43,10 @@ fs.protected_symlinks = 1
 # the source file
 fs.protected_hardlinks = 1
 
+# Any process which has changed privilege levels or is execute only will not
+# be dumped
+fs.suid_dumpable = 0
+
 # Uses a "never overcommit" policy that attempts to prevent any overcommit
 # of memory
 vm.overcommit_memory = 2
-- 
cgit v1.2.3
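Review bot: The comment added above `fs.suid_dumpable = 0` restates what the value does but not why the file sets it, and since 0 is already the kernel default a reader cannot tell that the line is a deliberate pin rather than a leftover. I would word it as `# 0 (kernel default, pinned here): processes that changed privilege level or are execute-only never dump core, so a core file cannot expose privileged memory`. The setting covers only those processes; whether core dumps of ordinary processes are restricted elsewhere (kernel.core_pattern, core size limits) is not visible in this hunk and may be worth a cross-reference in the same comment.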