projects / mirror / dsa-puppet.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 07fe129)
disable unprivileged BPF loading
authorPeter Palfrader <peter@palfrader.org>
Fri, 22 Dec 2017 20:35:33 +0000 (21:35 +0100)
committerPeter Palfrader <peter@palfrader.org>
Fri, 22 Dec 2017 20:35:33 +0000 (21:35 +0100)
modules/debian_org/manifests/init.pp patch | blob | history

diff --git a/modules/debian_org/manifests/init.pp b/modules/debian_org/manifests/init.pp
index b94e2a7..616be75 100644 (file)
--- a/modules/debian_org/manifests/init.pp
+++ b/modules/debian_org/manifests/init.pp
@@ -329,4 +329,11 @@ class debian_org {
                        package { 'irqbalance': ensure => installed }
                }
        }
+
+
+       # https://www.decadent.org.uk/ben/blog/bpf-security-issues-in-debian.html
+       site::sysctl { 'unprivileged_bpf_disabled':
+               key   => 'kernel.unprivileged_bpf_disabled',
+               value => '1',
+       }
 }
Unnamed repository; edit this file 'description' to name the repository.