Set kptr_restrict to 2.

To make writing kernel exploits harder, set /proc/sys/kernel/kptr_restrict
to "2". This prohibits users from accessing kernel symbols via /proc/kallsyms

Bug: 5555668
Change-Id: Ib31cb6fcb4d212a0b570ce9e73ae31f721ed801b
This commit is contained in:
Nick Kralevich 2011-11-02 08:51:37 -07:00
parent 06286288ef
commit 2e7c833279
1 changed files with 1 additions and 0 deletions

View File

@ -65,6 +65,7 @@ loglevel 3
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/kptr_restrict 2
# Create cgroup mount points for process groups
mkdir /dev/cpuctl