Adds nodo::subsystem::sysctl::unprivileged_bpf_disabled

diff --git a/manifests/subsystem/sysctl/unprivileged_bpf_disabled.pp b/manifests/subsystem/sysctl/unprivileged_bpf_disabled.pp
new file mode 100644 (file)
index 0000000..f82bfc9
--- /dev/null
+++ b/manifests/subsystem/sysctl/unprivileged_bpf_disabled.pp
@@ -0,0 +1,6 @@
+# See https://www.debian.org/security/2017/dsa-4073
+class nodo::subsystem::sysctl::unprivileged_bpf_disabled() {
+  nodo::subsystem::sysctl::entry { 'kernel.unprivileged_bpf_disabled':
+    value => '1',
+  }
+}