In order to make local privilege escalation more harder, hide
kernel addresses in various /proc files against users with
root (or similar) permissions, too.
Common system hardening tools such as lynis recommend this.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
name = setup
version = 3.0
-release = 11
+release = 12
arch = noarch
groups = Base Build System/Base
# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
-kernel.kptr_restrict = 1
+kernel.kptr_restrict = 2
# Avoid kernel memory address exposures via dmesg.
kernel.dmesg_restrict = 1