From 0ed40a837c25bf2c22eb04ec9ad1ae676c0d6e28 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 9 Mar 2017 10:54:49 -0300
Subject: Adds nodo::subsystem::grsec::chroot

---
 manifests/subsystem/grsec/chroot.pp | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 manifests/subsystem/grsec/chroot.pp

(limited to 'manifests/subsystem/grsec/chroot.pp')

diff --git a/manifests/subsystem/grsec/chroot.pp b/manifests/subsystem/grsec/chroot.pp
new file mode 100644
index 0000000..16d6bb6
--- /dev/null
+++ b/manifests/subsystem/grsec/chroot.pp
@@ -0,0 +1,21 @@
+class nodo::subsystem::grsec::chroot {
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chroot':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_chmod':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_deny_mount':
+    order => 'xx',
+    value => 0,
+  }
+
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.chroot_caps':
+    order => 'xx',
+    value => 0,
+  }
+}
-- 
cgit v1.2.3