linux-libre-grsec-3.14.6.201406101411-1: updating version

* enable chroot_enforce_chdir by default * reword chroot restrictions comment
author: André Fabian Silva Delgado <emulatorman@parabola.nu> 2014-06-11 22:29:54 -0300
committer: André Fabian Silva Delgado <emulatorman@parabola.nu> 2014-06-11 22:29:54 -0300
commit: 721160f8acc254448e3c9cc6b533ec2e183867d6 (patch)
tree: bb2ddb1423223776140e7d7ac1e740ead5ca8e1a /libre/linux-libre-grsec/sysctl.conf
parent: 67320d963187273bd845a938a64460c3ee0b34ec (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf
index bef8e350d..ebd4dd574 100644
--- a/libre/linux-libre-grsec/sysctl.conf
+++ b/libre/linux-libre-grsec/sysctl.conf
@@ -44,7 +44,7 @@ kernel.grsecurity.fifo_restrictions = 1
 #kernel.grsecurity.romount_protect = 1
 
 #
-# chroot restrictions (these will break containers)
+# chroot restrictions (many of these will break containers)
 #
 
 #kernel.grsecurity.chroot_caps = 1
@@ -57,7 +57,7 @@ kernel.grsecurity.fifo_restrictions = 1
 #kernel.grsecurity.chroot_deny_shmat = 1
 #kernel.grsecurity.chroot_deny_sysctl = 1
 #kernel.grsecurity.chroot_deny_unix = 1
-#kernel.grsecurity.chroot_enforce_chdir = 1
+kernel.grsecurity.chroot_enforce_chdir = 1
 #kernel.grsecurity.chroot_findtask = 1
 #kernel.grsecurity.chroot_restrict_nice = 1
author	André Fabian Silva Delgado <emulatorman@parabola.nu>	2014-06-11 22:29:54 -0300
committer	André Fabian Silva Delgado <emulatorman@parabola.nu>	2014-06-11 22:29:54 -0300
commit	721160f8acc254448e3c9cc6b533ec2e183867d6 (patch)
tree	bb2ddb1423223776140e7d7ac1e740ead5ca8e1a /libre/linux-libre-grsec/sysctl.conf
parent	67320d963187273bd845a938a64460c3ee0b34ec (diff)