mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-23 01:13:40 +07:00
Restrict access to debugfs
This commit is contained in:
parent
feb7cea4c5
commit
06ffd5d220
3
debian/control
vendored
3
debian/control
vendored
@ -126,6 +126,9 @@ Description: enhances misc security settings
|
||||
* Restricts loading line disciplines to `CAP_SYS_MODULE`.
|
||||
.
|
||||
* Restricts the `userfaultfd()` syscall to root.
|
||||
.
|
||||
* Access to debugfs is restricted as it can contain a lot of sensitive
|
||||
information.
|
||||
.
|
||||
Improve Entropy Collection
|
||||
.
|
||||
|
@ -66,3 +66,8 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX extra_latent_entropy"
|
||||
## Remove "quiet" from GRUB_CMDLINE_LINUX_DEFAULT because "quiet" must be first.
|
||||
GRUB_CMDLINE_LINUX_DEFAULT="$(echo "$GRUB_CMDLINE_LINUX_DEFAULT" | str_replace "quiet" "")"
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX quiet loglevel=0"
|
||||
|
||||
## Restrict access to debugfs since it can contain a lot of sensitive information.
|
||||
## https://lkml.org/lkml/2020/7/16/122
|
||||
## https://github.com/torvalds/linux/blob/fb1201aececc59990b75ef59fca93ae4aa1e1444/Documentation/admin-guide/kernel-parameters.txt#L835-L848
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
|
||||
|
Loading…
Reference in New Issue
Block a user