1 |
And this is GrSecurity conf into the sysctl.conf |
2 |
|
3 |
# GrSecurity configuration |
4 |
kernel.grsecurity.chroot_deny_sysctl = 1 |
5 |
kernel.grsecurity.chroot_caps = 1 |
6 |
kernel.grsecurity.chroot_execlog = 0 |
7 |
kernel.grsecurity.chroot_restrict_nice = 1 |
8 |
kernel.grsecurity.chroot_deny_mknod = 1 |
9 |
kernel.grsecurity.chroot_deny_chmod = 1 |
10 |
kernel.grsecurity.chroot_enforce_chdir = 1 |
11 |
kernel.grsecurity.chroot_deny_pivot = 1 |
12 |
kernel.grsecurity.chroot_deny_chroot = 1 |
13 |
kernel.grsecurity.chroot_deny_fchdir = 1 |
14 |
kernel.grsecurity.chroot_deny_mount = 1 |
15 |
kernel.grsecurity.chroot_deny_unix = 1 |
16 |
kernel.grsecurity.chroot_deny_shmat = 1 |
17 |
-- |
18 |
gentoo-hardened@l.g.o mailing list |