The second version of this patch splits this up into different
architecture-specific sysctl config files, as i586 does not support BPF
JIT, hence the net.core.bpf_jit_harden does not exist on that
architecture.
Fixes: #12384
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
--- /dev/null
+# Turn on BPF JIT hardening, if the JIT is enabled.
+net.core.bpf_jit_harden = 2
--- /dev/null
+# Turn on BPF JIT hardening, if the JIT is enabled.
+net.core.bpf_jit_harden = 2
# Improve KASLR effectiveness for mmap
vm.mmap_rnd_bits = 32
vm.mmap_rnd_compat_bits = 16
+
+# Turn on BPF JIT hardening, if the JIT is enabled.
+net.core.bpf_jit_harden = 2