# disable some pax and grsecurity features so that debootstrap will work # this should be removed later kernel.grsecurity.chroot_caps = 0 kernel.grsecurity.chroot_deny_chmod = 0 kernel.grsecurity.chroot_deny_mknod = 0 kernel.grsecurity.chroot_deny_mount = 0 kernel.grsecurity.chroot_deny_pivot = 0 # Chrome/Chromium sandbox won't work without this kernel.grsecurity.chroot_deny_fchdir = 0 kernel.pax.softmode = 1