From 12bd1da344adb6ef6d41aaab20bcbac6b942b82b Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sun, 7 Jan 2018 22:49:26 -0200
Subject: Adds nodo::subsystem::sysctl::unprivileged_bpf_disabled

---
 manifests/subsystem/sysctl/unprivileged_bpf_disabled.pp | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 manifests/subsystem/sysctl/unprivileged_bpf_disabled.pp

(limited to 'manifests/subsystem')

diff --git a/manifests/subsystem/sysctl/unprivileged_bpf_disabled.pp b/manifests/subsystem/sysctl/unprivileged_bpf_disabled.pp
new file mode 100644
index 0000000..f82bfc9
--- /dev/null
+++ b/manifests/subsystem/sysctl/unprivileged_bpf_disabled.pp
@@ -0,0 +1,6 @@
+# See https://www.debian.org/security/2017/dsa-4073
+class nodo::subsystem::sysctl::unprivileged_bpf_disabled() {
+  nodo::subsystem::sysctl::entry { 'kernel.unprivileged_bpf_disabled':
+    value => '1',
+  }
+}
-- 
cgit v1.2.3