linuxkit

mirror of https://github.com/linuxkit/linuxkit.git synced 2026-01-14 20:50:31 +00:00

Author	SHA1	Message	Date
Rolf Neugebauer	720fb219ce	pkg/sysctl: Prevent ebpf privilege escalation On 4.9.x and 4.14.x kernels ebpf verifier bugs allow ebpf programs to access (read/write) random memory. Setting kernel.unprivileged_bpf_disabled=1 mitigates this somewhat until it is fixed upstream. See: - https://lwn.net/Articles/742170 - https://lwn.net/Articles/742169 Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>	2017-12-25 15:32:57 +01:00
Justin Cormack	ce2347eda6	Enable sysctl kernel.dmesg_restrict This requires that users have `CAP_SYSLOG` in order to access `dmesg`. This means that containers by default have no access to `dmesg` (which can leak information about the host or other containers) unless they have this capability added. Signed-off-by: Justin Cormack <justin.cormack@docker.com>	2017-08-04 12:48:27 +01:00
Justin Cormack	b1c80b54b3	Revert #2317 remove kernel.random.write_wakeup_threshold from sysctl Signed-off-by: Justin Cormack <justin.cormack@docker.com>	2017-07-31 23:05:46 +01:00
Justin Cormack	980a469bbc	Remove kernel.random.write_wakeup_threshold from sysctl 3072 is the default value anyway, so no need to change. Signed-off-by: Justin Cormack <justin.cormack@docker.com>	2017-07-28 17:56:13 +01:00
Justin Cormack	e12b5a36ba	Convert sysctl to using linuxkit/alpine and nested build Signed-off-by: Justin Cormack <justin.cormack@docker.com>	2017-05-19 14:23:06 +01:00
Justin Cormack	905636d642	Move installable packages to pkg Still leaves some intermediate repos in `base/` See #1266 Signed-off-by: Justin Cormack <justin.cormack@docker.com>	2017-03-22 12:33:11 +00:00

6 Commits