From 7ca2ed90f2b7b19fc4d905e8ff6e16b75705c3e2 Mon Sep 17 00:00:00 2001
From: David McKinney <mckinney@subgraph.com>
Date: Thu, 28 Jun 2018 18:30:55 -0400
Subject: [PATCH] Disable kernel.grsecurity.chroot_deny_pivot sysctl setting in
 99-grsec-debootstrap

---
 .../citadel-config/files/sysctl/99-grsec-debootstrap.conf        | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf b/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
index 8d5131e..a4ef1d0 100644
--- a/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
+++ b/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
@@ -6,4 +6,5 @@ kernel.grsecurity.chroot_caps = 0
 kernel.grsecurity.chroot_deny_chmod = 0
 kernel.grsecurity.chroot_deny_mknod = 0
 kernel.grsecurity.chroot_deny_mount = 0
+kernel.grsecurity.chroot_deny_pivot = 0
 kernel.pax.softmode = 1