sysctl.conf: Turn on hard- and symlink protection

author Peter Müller <peter.mueller@ipfire.org>

Thu, 23 Jan 2020 21:28:00 +0000 (21:28 +0000)

committer Arne Fitzenreiter <arne_f@ipfire.org>

Mon, 30 Mar 2020 17:07:26 +0000 (17:07 +0000)
author Peter Müller <peter.mueller@ipfire.org>
Thu, 23 Jan 2020 21:28:00 +0000 (21:28 +0000)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Mon, 30 Mar 2020 17:07:26 +0000 (17:07 +0000)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf

index d11e53c88db373ac410f4490a492d4cf37d737d8..7e7ebee44cc438366e35efc89827b50f5192d778 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -45,6 +45,10 @@ kernel.kptr_restrict = 2
  # Avoid kernel memory address exposures via dmesg.
  kernel.dmesg_restrict = 1
  
+# Turn on hard- and symlink protection
+fs.protected_symlinks = 1
+fs.protected_hardlinks = 1
+
  # Minimal preemption granularity for CPU-bound tasks:
  # (default: 1 msec#  (1 + ilog(ncpus)), units: nanoseconds)
  kernel.sched_min_granularity_ns = 10000000
author	Peter Müller <peter.mueller@ipfire.org>
	Thu, 23 Jan 2020 21:28:00 +0000 (21:28 +0000)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Mon, 30 Mar 2020 17:07:26 +0000 (17:07 +0000)