]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - config/etc/sysctl-x86_64.conf
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sysctl.conf: Turn on BPF JIT hardening, if the JIT is enabled
[people/pmueller/ipfire-2.x.git] / config / etc / sysctl-x86_64.conf
diff --git a/config/etc/sysctl-x86_64.conf b/config/etc/sysctl-x86_64.conf
index 7384bed513164a3c8e51cd533b9751ab80be6df2..c7abecc5d0c75ad56d2dbcf6065df9405e33c8a5 100644 (file)
--- a/config/etc/sysctl-x86_64.conf
+++ b/config/etc/sysctl-x86_64.conf
@@ -1,3 +1,6 @@
 # Improve KASLR effectiveness for mmap
 vm.mmap_rnd_bits = 32
 vm.mmap_rnd_compat_bits = 16
+
+# Turn on BPF JIT hardening, if the JIT is enabled.
+net.core.bpf_jit_harden = 2
Peter's tree of IPFire 2.x