1
0
forked from brl/citadel
citadel/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf

15 lines
417 B
Plaintext
Raw Normal View History

# disable some pax and grsecurity features so that debootstrap will work
# this should be removed later
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_mount = 0
kernel.grsecurity.chroot_deny_pivot = 0
# Chrome/Chromium sandbox won't work without this
kernel.grsecurity.chroot_deny_fchdir = 0
kernel.pax.softmode = 1