author | micah <micah@riseup.net> | 2022-07-06 11:56:46 +0000 |
committer | micah <micah@riseup.net> | 2022-07-06 11:56:46 +0000 |
commit | 2196ddb84fe5d195fe78532a6706b11a66ecade8 (patch) | |
tree | 163276de873252fa0a4527fcc8be1bef2781ceb0 | |
parent | a13d6e7f190078c330b8aeaf574af5de5c25cad7 (diff) | |
parent | 9e6165f16e14898a28eadb1679b0c41ddb1f9f45 (diff) |
Merge branch 'unpriv-kernel' into 'main'
Don't deactivate non-existing kernel module
Closes #53
See merge request leap/container-platform/lilypad!54
-rw-r--r-- | float/roles/float-base/templates/sysctl.conf.j2 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/float/roles/float-base/templates/sysctl.conf.j2 b/float/roles/float-base/templates/sysctl.conf.j2
index 2a443ea..c28c31e 100644
--- a/float/roles/float-base/templates/sysctl.conf.j2
+++ b/float/roles/float-base/templates/sysctl.conf.j2
@@ -116,10 +116,12 @@ net.core.bpf_jit_harden=2
 kernel.unprivileged_bpf_disabled=1
 {% endif %}
+{% if not disable_restricted_sysctl %}
 # Disable unprivileged user namespaces
 # https://lwn.net/Articles/673597
 # (linux-hardened default)
 kernel.unprivileged_userns_clone=0
+{% endif %}
 # Enable yama ptrace restrictions
 # https://www.kernel.org/doc/Documentation/security/Yama.txt |