From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 9 Mar 2017 13:54:49 +0000 (-0300)
Subject: Adds nodo::subsystem::grsec::chroot
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=0ed40a837c25bf2c22eb04ec9ad1ae676c0d6e28;p=puppet-nodo.git

Adds nodo::subsystem::grsec::chroot
---

diff --git a/manifests/subsystem/grsec/chroot.pp b/manifests/subsystem/grsec/chroot.pp
new file mode 100644
index 0000000..16d6bb6
--- /dev/null
+++ b/manifests/subsystem/grsec/chroot.pp
@@ -0,0 +1,21 @@
+class nodo::subsystem::grsec::chroot {
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chroot':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chmod':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_mount':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_caps':
+    order => 'xx',
+    value => 0,
+  }
+}