1 files changed, 21 insertions, 0 deletions

diff --git a/manifests/subsystem/grsec/chroot.pp b/manifests/subsystem/grsec/chroot.pp
new file mode 100644
index 0000000..16d6bb6
--- /dev/null
+++ b/manifests/subsystem/grsec/chroot.pp
@@ -0,0 +1,21 @@
+class nodo::subsystem::grsec::chroot {
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chroot':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chmod':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_mount':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_caps':
+    order => 'xx',
+    value => 0,
+  }
+}