citadel/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf


# disable some pax and grsecurity features so that debootstrap will work
# this should be removed later

kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_mount = 0
kernel.grsecurity.chroot_deny_pivot = 0

# Chrome/Chromium sandbox won't work without this
kernel.grsecurity.chroot_deny_fchdir = 0

kernel.pax.softmode = 1
add sysctl to disable some grsec features features that would prevent debootstrap from working on the host 2018-01-23 03:04:36 +00:00
			`# disable some pax and grsecurity features so that debootstrap will work`
			`# this should be removed later`

			`kernel.grsecurity.chroot_caps = 0`
			`kernel.grsecurity.chroot_deny_chmod = 0`
			`kernel.grsecurity.chroot_deny_mknod = 0`
			`kernel.grsecurity.chroot_deny_mount = 0`
Disable kernel.grsecurity.chroot_deny_pivot sysctl setting in 99-grsec-debootstrap 2018-06-28 22:30:55 +00:00			`kernel.grsecurity.chroot_deny_pivot = 0`
turn off chroot_deny_fchdir because chromium needs this disabled 2019-01-06 03:34:33 +00:00
			`# Chrome/Chromium sandbox won't work without this`
			`kernel.grsecurity.chroot_deny_fchdir = 0`

add sysctl to disable some grsec features features that would prevent debootstrap from working on the host 2018-01-23 03:04:36 +00:00			`kernel.pax.softmode = 1`