From 9ee4519bda7e627608aba18b58f3a95a08ddb8aa Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin <bertrand@jacquin.bzh>
Date: Sun, 29 Sep 2019 01:09:52 +0100
Subject: factory-default/sys-apps/baselayout: set net.core.bpf_jit_harden=2

---
 factory-default/sys-apps/baselayout/etc/sysctl.conf | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'factory-default')

diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index b49c7bce..98cd5d81 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -64,6 +64,9 @@ net.core.somaxconn = 32767
 # interface receives packets faster than kernel can process them.
 net.core.netdev_max_backlog = 5000
 
+# enable JIT hardening for all users
+net.core.bpf_jit_harden = 2
+
 # TCP congestion control with BBR (Bottleneck Bandwidth and RTT)
 net.core.default_qdisc = fq
 net.ipv4.tcp_congestion_control = bbr
-- 
cgit v1.2.3