revert some container related options
parent
ca27e64ad4
commit
b78a915858
@ -6,6 +6,7 @@ kernel_disable_modules:
|
|||||||
- sctp
|
- sctp
|
||||||
- tipc
|
- tipc
|
||||||
- rds
|
- rds
|
||||||
|
- bluetooth
|
||||||
|
|
||||||
kernel_blacklist_modules: []
|
kernel_blacklist_modules: []
|
||||||
|
|
||||||
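Review bot: The `- bluetooth` entry is a new restriction rather than a revert, so it does not match the commit title and would be easier to audit as its own commit or with a line in the description. Whether it actually keeps the Bluetooth stack out of the kernel depends on how the role renders `kernel_disable_modules`, which this page does not show: an `install bluetooth /bin/false` style rule also blocks modules that depend on it, while a plain `blacklist` line only stops alias-based autoloading. A short comment above the list would record the intent, for example `# Unused network/radio protocol modules; loading is blocked to reduce kernel attack surface`.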
|
@ -2,5 +2,8 @@
|
|||||||
# Controls whether core dumps will append the PID to the core filename
|
# Controls whether core dumps will append the PID to the core filename
|
||||||
kernel.core_uses_pid = 1
|
kernel.core_uses_pid = 1
|
||||||
|
|
||||||
|
# Disable storing core dumps
|
||||||
|
kernel.core_pattern = |/bin/false
|
||||||
|
|
||||||
# Disable core dumps for setuid programs
|
# Disable core dumps for setuid programs
|
||||||
fs.suid_dumpable = 0
|
fs.suid_dumpable = 0
|
||||||
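Review bot: With `kernel.core_pattern = |/bin/false` in place, the retained `kernel.core_uses_pid = 1` has no effect, because the kernel appends the PID only when the pattern names a file rather than a pipe handler, so the comment above that setting is now misleading. I would either drop it or say so in the new comment, e.g. `# Discard core dumps by piping them to /bin/false (core_uses_pid is ignored for pipe handlers)`. The key is host-wide and not namespaced, so it also governs crashes inside containers. On hosts with systemd-coredump installed, the package's own sysctl.d drop-in sets the same key, so which value wins depends on this file's name and ordering, which the page does not show.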
|
@ -7,21 +7,9 @@ kernel.randomize_va_space = 2
|
|||||||
# Controls the System Request debugging functionality of the kernel
|
# Controls the System Request debugging functionality of the kernel
|
||||||
kernel.sysrq = 0
|
kernel.sysrq = 0
|
||||||
|
|
||||||
# Restrict unprivileged access to kernel syslog
|
|
||||||
kernel.dmesg_restrict = 1
|
|
||||||
|
|
||||||
# Restrict kernel address exposing
|
|
||||||
kernel.kptr_restrict = 2
|
|
||||||
|
|
||||||
# Limit scope for ptrace
|
|
||||||
kernel.yama.ptrace_scope = 2
|
|
||||||
|
|
||||||
# Command is trapped and sent to the init program to handle a graceful restart
|
# Command is trapped and sent to the init program to handle a graceful restart
|
||||||
kernel.ctrl-alt-del = 0
|
kernel.ctrl-alt-del = 0
|
||||||
|
|
||||||
# Disable access to performance events by users without CAP_SYS_ADMIN
|
|
||||||
kernel.perf_event_paranoid = 3
|
|
||||||
|
|
||||||
# Prevents unprivileged users from being able to use eBPF
|
# Prevents unprivileged users from being able to use eBPF
|
||||||
kernel.unprivileged_bpf_disabled = 1
|
kernel.unprivileged_bpf_disabled = 1
|
||||||
|
|
||||||
|