HBSD: Disable security.bsd.unprivileged_proc_debug by default

Now that the security.bsd.unprivileged_proc_debug is set on a per-jail
basis, we need to modify how we're disabling it by default.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored-by:	G2, Inc
MFC-to:		12-STABLE
MFC-to:		11-STABLE
(cherry picked from commit 5584574a90044fe976cbf2210f2f8bfb5722ea08)
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
(cherry picked from commit 58bbb3e9433204270f8d1135a95d475ea4f65755)
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
(cherry picked from commit cf37e458bbf5ffba37a3e74f2bd560d29541ac5b)
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
(cherry picked from commit 8f81f74fc53b3f7ce55f275dbd94d3d1b966d3e1)
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Shawn Webb 2018-11-23 18:46:25 -05:00
parent ebb8c1489c
commit 4aa283b8e1
1 changed files with 1 additions and 0 deletions

@ -133,6 +133,7 @@ pax_hardening_init_prison(struct prison *pr, struct vfsoptlist *opts)
/* prison0 has no parent, use globals */
pr->pr_hbsd.hardening.procfs_harden =
pax_procfs_harden_global;
pr->pr_allow &= ~(PR_ALLOW_UNPRIV_DEBUG);
} else {
KASSERT(pr->pr_parent != NULL,
("%s: pr->pr_parent == NULL", __func__));
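Review bot: the `pr->pr_allow &= ~(PR_ALLOW_UNPRIV_DEBUG);` line in the prison0 branch sits under the comment "prison0 has no parent, use globals", but unlike the `procfs_harden` assignment above it, it does not read a global: it clears the bit unconditionally. A short comment of its own would help, stating that this is the hardened default for security.bsd.unprivileged_proc_debug and that it is applied once at prison0 initialisation. The `else` branch for child jails is not touched in this hunk, so it is worth confirming, and noting in the commit message, that a newly created jail picks up the cleared bit from its parent rather than starting with PR_ALLOW_UNPRIV_DEBUG set. Minor style point: the parentheses around the single flag are redundant, `~PR_ALLOW_UNPRIV_DEBUG` is enough.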