Adds nodo::subsystem::grsec::chroot

author Silvio Rhatto <rhatto@riseup.net>

Thu, 9 Mar 2017 13:54:49 +0000 (10:54 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Thu, 9 Mar 2017 13:54:49 +0000 (10:54 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Thu, 9 Mar 2017 13:54:49 +0000 (10:54 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Thu, 9 Mar 2017 13:54:49 +0000 (10:54 -0300)
diff --git a/manifests/subsystem/grsec/chroot.pp b/manifests/subsystem/grsec/chroot.pp

new file mode 100644 (file)

index 0000000..16d6bb6
--- /dev/null
+++ b/manifests/subsystem/grsec/chroot.pp
@@ -0,0 +1,21 @@
+class nodo::subsystem::grsec::chroot {
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chroot':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chmod':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_mount':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_caps':
+    order => 'xx',
+    value => 0,
+  }
+}
author	Silvio Rhatto <rhatto@riseup.net>
	Thu, 9 Mar 2017 13:54:49 +0000 (10:54 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Thu, 9 Mar 2017 13:54:49 +0000 (10:54 -0300)