authorAriadne Conill <ariadne@dereferenced.org>2020-02-14 17:10:16 +0000
committerAriadne Conill <ariadne@dereferenced.org>2020-02-14 17:10:38 +0000
commit4e286992d5ed751f6ca60eb18d77313bb0868513 (patch)
tree4dfa01ed3cfadf6b8a772be2aecd475e11455729
parentadf72d007528e03f9500ad6d40ad55d5b458cbdb (diff)
main/alpine-baselayout: disable unprivileged eBPF by default
-rw-r--r--main/alpine-baselayout/APKBUILD7
1 files changed, 6 insertions, 1 deletions
diff --git a/main/alpine-baselayout/APKBUILD b/main/alpine-baselayout/APKBUILD
index 405b7da95a..346d87c60a 100644
--- a/main/alpine-baselayout/APKBUILD
+++ b/main/alpine-baselayout/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-baselayout
pkgver=3.2.0
-pkgrel=3
+pkgrel=4
pkgdesc="Alpine base dir structure and init scripts"
url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout"
arch="all"
@@ -189,6 +189,11 @@ package() {
# escalation vulnerabilities.
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
+
+ # Disable unprivileged use of the bpf(2) syscall.
+ # Allowing unprivileged use of the bpf(2) syscall may allow a
+ # malicious user to compromise the machine.
+ kernel.unprivileged_bpf_disabled = 1
EOF
cat > "$pkgdir"/etc/fstab <<-EOF
/dev/cdrom /media/cdrom iso9660 noauto,ro 0 0
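Review bot: The comment added above `kernel.unprivileged_bpf_disabled = 1` does not mention that this value is one-way. Per the kernel's sysctl documentation, once it is set to 1 it cannot be set back to 0 on a running system, so an administrator who needs unprivileged bpf(2) has to override the shipped default and reboot; a later `sysctl -w` will not work. I would add a line such as `# Once set to 1, this cannot be changed back to 0 without a reboot.` to the comment block. The heredoc and package() start outside this hunk, so the file that receives the setting is not visible here; if an override path exists for that file, naming it in the same comment would help.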