sysctl.conf: Turn on hard- and symlink protection

[people/ms/ipfire-2.x.git] / config / etc / sysctl.conf

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index d11e53c88db373ac410f4490a492d4cf37d737d8..7e7ebee44cc438366e35efc89827b50f5192d778 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -45,6 +45,10 @@ kernel.kptr_restrict = 2
 # Avoid kernel memory address exposures via dmesg.
 kernel.dmesg_restrict = 1
 
+# Turn on hard- and symlink protection
+fs.protected_symlinks = 1
+fs.protected_hardlinks = 1
+
 # Minimal preemption granularity for CPU-bound tasks:
 # (default: 1 msec#  (1 + ilog(ncpus)), units: nanoseconds)
 kernel.sched_min_granularity_ns = 10000000