HBSD: Disable security.bsd.unprivileged_proc_debug by default
Now that the security.bsd.unprivileged_proc_debug is set on a per-jail basis, we need to modify how we're disabling it by default. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org> Sponsored-by: G2, Inc MFC-to: 12-STABLE MFC-to: 11-STABLE (cherry picked from commit 5584574a90044fe976cbf2210f2f8bfb5722ea08) Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org> (cherry picked from commit 58bbb3e9433204270f8d1135a95d475ea4f65755) Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org> (cherry picked from commit cf37e458bbf5ffba37a3e74f2bd560d29541ac5b) Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org> (cherry picked from commit 8f81f74fc53b3f7ce55f275dbd94d3d1b966d3e1) Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
This commit is contained in:
parent
ebb8c1489c
commit
4aa283b8e1
|
@ -133,6 +133,7 @@ pax_hardening_init_prison(struct prison *pr, struct vfsoptlist *opts)
|
|||
/* prison0 has no parent, use globals */
|
||||
pr->pr_hbsd.hardening.procfs_harden =
|
||||
pax_procfs_harden_global;
|
||||
pr->pr_allow &= ~(PR_ALLOW_UNPRIV_DEBUG);
|
||||
} else {
|
||||
KASSERT(pr->pr_parent != NULL,
|
||||
("%s: pr->pr_parent == NULL", __func__));
|
||||
|
|
Loading…
Reference in New Issue