Adds nodo::subsystem::grsec::chroot

author: Silvio Rhatto <rhatto@riseup.net> 2017-03-09 10:54:49 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2017-03-09 10:54:49 -0300
commit: 0ed40a837c25bf2c22eb04ec9ad1ae676c0d6e28 (patch)
tree: 3bf3f39ce86e2ceb73bc625d121eed2db52c2a00 /manifests/subsystem/grsec/chroot.pp
parent: 36c0149f58efb23e0cf3f50a6c649f0957366f5e (diff)
download: puppet-nodo-0ed40a837c25bf2c22eb04ec9ad1ae676c0d6e28.tar.gz
puppet-nodo-0ed40a837c25bf2c22eb04ec9ad1ae676c0d6e28.tar.bz2
1 files changed, 21 insertions, 0 deletions
diff --git a/manifests/subsystem/grsec/chroot.pp b/manifests/subsystem/grsec/chroot.pp
new file mode 100644
index 0000000..16d6bb6
--- /dev/null
+++ b/manifests/subsystem/grsec/chroot.pp
@@ -0,0 +1,21 @@
+class nodo::subsystem::grsec::chroot {
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chroot':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chmod':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_mount':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_caps':
+    order => 'xx',
+    value => 0,
+  }
+}
author	Silvio Rhatto <rhatto@riseup.net>	2017-03-09 10:54:49 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2017-03-09 10:54:49 -0300
commit	0ed40a837c25bf2c22eb04ec9ad1ae676c0d6e28 (patch)
tree	3bf3f39ce86e2ceb73bc625d121eed2db52c2a00 /manifests/subsystem/grsec/chroot.pp
parent	36c0149f58efb23e0cf3f50a6c649f0957366f5e (diff)
download	puppet-nodo-0ed40a837c25bf2c22eb04ec9ad1ae676c0d6e28.tar.gz puppet-nodo-0ed40a837c25bf2c22eb04ec9ad1ae676c0d6e28.tar.bz2