brl/citadel
1
0
Fork 2
Code Issues Pull Requests 2 Packages Projects Releases Wiki Activity

turn off chroot_deny_fchdir because chromium needs this disabled

Browse Source
This commit is contained in:
Bruce Leidl 2019-01-05 22:34:33 -05:00
parent 6b59f72907
commit d02e194a0c
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
View File

@ -7,4 +7,8 @@ kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_mknod = 0 kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_mount = 0 kernel.grsecurity.chroot_deny_mount = 0
kernel.grsecurity.chroot_deny_pivot = 0 kernel.grsecurity.chroot_deny_pivot = 0
# Chrome/Chromium sandbox won't work without this
kernel.grsecurity.chroot_deny_fchdir = 0
kernel.pax.softmode = 1 kernel.pax.softmode = 1