]>
Commit | Line | Data |
---|---|---|
5c62e473 | 1 | # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc). |
7403755a | 2 | kernel.kptr_restrict = 2 |
5c62e473 PM |
3 | |
4 | # Avoid kernel memory address exposures via dmesg. | |
5 | kernel.dmesg_restrict = 1 | |
6 | ||
78d3aeab PM |
7 | # Improve KASLR effectiveness for mmap. |
8 | vm.mmap_rnd_bits = 32 | |
9 | vm.mmap_rnd_compat_bits = 16 | |
5d673af2 PM |
10 | |
11 | # Turn on hard- and symlink protection | |
12 | fs.protected_symlinks = 1 | |
13 | fs.protected_hardlinks = 1 |