authorintrigeri <intrigeri@boum.org>2016-05-17 06:58:06 +0000
committerintrigeri <intrigeri@boum.org>2016-05-17 06:58:06 +0000
commit85750070bfcbfd3f36648cabd6fb06f48495f4d4 (patch)
tree8fe35b70fa2fb505cb48e5c5db440bb16b6e62cf /config
parent7be07d8a4789e9b18e8bc5f1abc5e8f29aa994cf (diff)
parent98a18593f754a5511d4f59aab3e5f80754b90cac (diff)
Merge remote-tracking branch 'origin/devel' into feature/5926-freezable-APT-repository
Diffstat (limited to 'config')
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_files5
-rw-r--r--config/chroot_local-includes/etc/sysctl.d/kptr_restrict.conf1
2 files changed, 6 insertions, 0 deletions
diff --git a/config/chroot_local-hooks/98-remove_unwanted_files b/config/chroot_local-hooks/98-remove_unwanted_files
index 030e03f..43433fb 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_files
+++ b/config/chroot_local-hooks/98-remove_unwanted_files
@@ -30,3 +30,8 @@ find /etc/ssl/certs /etc/ssl/private |
fi
done
update-ca-certificates
+
+# Remove the kernel .map files which are only useful for kernel
+# debugging (and slightly make things easier for malware, perhaps) and
+# otherwise just occupy disk space.
+rm -f /boot/*.map /boot/*.map-*
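Review bot: The comment above the added `rm` leaves the security reason vague ("slightly make things easier for malware, perhaps"). It should say that these files list kernel symbol addresses, the same information that `kernel.kptr_restrict=2`, added elsewhere in this commit, hides in `/proc/kallsyms`. A possible wording is `# System.map-* lists kernel symbol addresses; remove the on-disk copy so it does not undo kptr_restrict.` The glob `/boot/*.map` also matches any other file in /boot ending in `.map`; if only the kernel maps are meant, `rm -f /boot/System.map-*` states that more precisely, though the hunk does not show whether other `.map` files exist there. The rest of the hook script lies outside the hunk.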
diff --git a/config/chroot_local-includes/etc/sysctl.d/kptr_restrict.conf b/config/chroot_local-includes/etc/sysctl.d/kptr_restrict.conf
new file mode 100644
index 0000000..a1e18e8
--- /dev/null
+++ b/config/chroot_local-includes/etc/sysctl.d/kptr_restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=2
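Review bot: The new sysctl file has no comment explaining the setting or why the value is 2 rather than 1. A header line would help, such as `# Hide kernel pointers printed with %pK from all users, including those with CAP_SYSLOG (value 1 would still show them to CAP_SYSLOG holders).` Kernel addresses can also reach unprivileged users through the kernel log, so it is worth confirming that `kernel.dmesg_restrict` is set elsewhere in the tree; this diff is limited to `config` and does not show it.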