Merge branch 'unpriv-kernel' into 'main'

Dont deactivate non-existing kernel module Closes #53 See merge request leap/container-platform/lilypad!54
author: micah <micah@riseup.net> 2022-07-06 11:56:46 +0000
committer: micah <micah@riseup.net> 2022-07-06 11:56:46 +0000
commit: 2196ddb84fe5d195fe78532a6706b11a66ecade8 (patch)
tree: 163276de873252fa0a4527fcc8be1bef2781ceb0
parent: a13d6e7f190078c330b8aeaf574af5de5c25cad7 (diff)
parent: 9e6165f16e14898a28eadb1679b0c41ddb1f9f45 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/float/roles/float-base/templates/sysctl.conf.j2 b/float/roles/float-base/templates/sysctl.conf.j2
index 2a443ea..c28c31e 100644
--- a/float/roles/float-base/templates/sysctl.conf.j2
+++ b/float/roles/float-base/templates/sysctl.conf.j2
@@ -116,10 +116,12 @@ net.core.bpf_jit_harden=2
 kernel.unprivileged_bpf_disabled=1
 {% endif %}
 
+{% if not disable_restricted_sysctl %}
 # Disable unprivileged user namespaces
 # https://lwn.net/Articles/673597
 # (linux-hardened default)
 kernel.unprivileged_userns_clone=0
+{% endif %}
 
 # Enable yama ptrace restrictions
 # https://www.kernel.org/doc/Documentation/security/Yama.txt
author	micah <micah@riseup.net>	2022-07-06 11:56:46 +0000
committer	micah <micah@riseup.net>	2022-07-06 11:56:46 +0000
commit	2196ddb84fe5d195fe78532a6706b11a66ecade8 (patch)
tree	163276de873252fa0a4527fcc8be1bef2781ceb0
parent	a13d6e7f190078c330b8aeaf574af5de5c25cad7 (diff)
parent	9e6165f16e14898a28eadb1679b0c41ddb1f9f45 (diff)