From 721160f8acc254448e3c9cc6b533ec2e183867d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Fabian=20Silva=20Delgado?=
 <emulatorman@parabola.nu>
Date: Wed, 11 Jun 2014 22:29:54 -0300
Subject: linux-libre-grsec-3.14.6.201406101411-1: updating version

* enable chroot_enforce_chdir by default
* reword chroot restrictions comment
---
 libre/linux-libre-grsec/sysctl.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'libre/linux-libre-grsec/sysctl.conf')

diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf
index bef8e350d..ebd4dd574 100644
--- a/libre/linux-libre-grsec/sysctl.conf
+++ b/libre/linux-libre-grsec/sysctl.conf
@@ -44,7 +44,7 @@ kernel.grsecurity.fifo_restrictions = 1
 #kernel.grsecurity.romount_protect = 1
 
 #
-# chroot restrictions (these will break containers)
+# chroot restrictions (many of these will break containers)
 #
 
 #kernel.grsecurity.chroot_caps = 1
@@ -57,7 +57,7 @@ kernel.grsecurity.fifo_restrictions = 1
 #kernel.grsecurity.chroot_deny_shmat = 1
 #kernel.grsecurity.chroot_deny_sysctl = 1
 #kernel.grsecurity.chroot_deny_unix = 1
-#kernel.grsecurity.chroot_enforce_chdir = 1
+kernel.grsecurity.chroot_enforce_chdir = 1
 #kernel.grsecurity.chroot_findtask = 1
 #kernel.grsecurity.chroot_restrict_nice = 1
 
-- 
cgit v1.2.3-2-g168b