From b919d6483b119d5a716860fa7373d1ae7dff2afe Mon Sep 17 00:00:00 2001
From: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Date: Wed, 18 Jan 2017 15:20:40 +0000
Subject: [PATCH] Add fs link protection sysctls

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
---
 alpine/etc/sysctl.d/01-moby.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/alpine/etc/sysctl.d/01-moby.conf b/alpine/etc/sysctl.d/01-moby.conf
index c12355ac1..49ffed8ad 100644
--- a/alpine/etc/sysctl.d/01-moby.conf
+++ b/alpine/etc/sysctl.d/01-moby.conf
@@ -18,3 +18,5 @@ net.ipv4.conf.default.accept_source_route = 0
 net.ipv6.conf.all.accept_redirects = 0
 net.ipv6.conf.default.accept_redirects = 0
 kernel.perf_event_paranoid = 3
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1