diff options
author | Luke Shumaker <LukeShu@sbcglobal.net> | 2014-05-27 17:24:17 -0400 |
---|---|---|
committer | Luke Shumaker <LukeShu@sbcglobal.net> | 2014-05-27 17:24:17 -0400 |
commit | ffd63534f7349a8bf48e34eb734fbfa017cec2bb (patch) | |
tree | 700b868c76c4a1f2a0a614658e376ed21da94c0c /libre/linux-libre-grsec/sysctl.conf | |
parent | cb48db3153ace8969e61946774dea0ec805bc231 (diff) | |
parent | 54bc28a3f089c40cd079112766ba3a750283b601 (diff) |
Merge branch 'master' of git://projects.parabolagnulinux.org/abslibre
Diffstat (limited to 'libre/linux-libre-grsec/sysctl.conf')
-rw-r--r-- | libre/linux-libre-grsec/sysctl.conf | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf index a1af2c48e..bef8e350d 100644 --- a/libre/linux-libre-grsec/sysctl.conf +++ b/libre/linux-libre-grsec/sysctl.conf @@ -1,11 +1,13 @@ -# All features in the kernel.grsecurity namespace are disabled by default. +# All features in the kernel.grsecurity namespace are disabled by default in +# the kernel and must be enabled here. # -# Disable PaX enforcement by default, due to lacking integration with packages. +# Disable PaX enforcement by default. # -# This is considered a major flaw in this package and will be corrected in the -# future. Many binaries need to be flagged as requiring an exception from the -# PaX rules. +# The `paxd` package sets softmode back to 0 in a configuration file loaded +# after this one. It automatically handles setting exceptions from the PaX +# exploit mitigations after Pacman operations. Altering the setting here rather +# than using `paxd` is not recommended. # kernel.pax.softmode = 1 @@ -77,7 +79,7 @@ kernel.grsecurity.audit_gid = 201 #kernel.grsecurity.signal_logging = 1 #kernel.grsecurity.forkfail_logging = 1 #kernel.grsecurity.timechange_logging = 1 -#kernel.grsecurity.rwxmap_logging = 1 +kernel.grsecurity.rwxmap_logging = 1 # # Executable protections |