HBSD: Disable security.bsd.unprivileged_proc_debug by default

Now that the security.bsd.unprivileged_proc_debug is set on a per-jail
basis, we need to modify how we're disabling it by default.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored-by:	G2, Inc
MFC-to:		12-STABLE
MFC-to:		11-STABLE
(cherry picked from commit 5584574a90)
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
hardened/current/asr_aslr_mix
Shawn Webb 1 year ago
parent
commit
58bbb3e943
No known key found for this signature in database
1 changed files with 1 additions and 0 deletions
sys/hardenedbsd/hbsd_pax_hardening.c

@@ -133,6 +133,7 @@ pax_hardening_init_prison(struct prison *pr, struct vfsoptlist *opts)
/* prison0 has no parent, use globals */
pr->pr_hbsd.hardening.procfs_harden =
pax_procfs_harden_global;
pr->pr_allow &= ~(PR_ALLOW_UNPRIV_DEBUG);
} else {
KASSERT(pr->pr_parent != NULL,
("%s: pr->pr_parent == NULL", __func__));
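Review bot: The `pr->pr_allow &= ~(PR_ALLOW_UNPRIV_DEBUG);` line in the prison0 branch carries no comment, and nothing in the visible context shows how the else branch treats the same bit for child jails. Since the commit message says the setting is now per-jail, please confirm that a jail created under prison0 starts with this bit cleared (inherited from `pr->pr_parent`) and cannot end up with it set when the parent has it cleared; if that is handled elsewhere, a one-line comment here pointing to it would help. A short comment such as "disable security.bsd.unprivileged_proc_debug by default" above the added line would also tie it to the sysctl named in the subject. Minor style point: the parentheses around `PR_ALLOW_UNPRIV_DEBUG` are redundant.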
