Skip to content

Commit

Permalink
Clean up whitespaces
Browse files Browse the repository at this point in the history
  • Loading branch information
@kravietz
kravietz committed Jul 21, 2021
1 parent f100d7f commit 16101bb
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions roles/os_hardening/defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -280,11 +280,11 @@ sysctl_config:
# address-space fragmentation. | Tail-1
vm.mmap_rnd_bits: 32
vm.mmap_rnd_compat_bits: 16

# Disable unprivileged users from loading eBPF programs into the kernel.
# One of mitigations against CVE-2021-33909. | Tail-2
kernel.unprivileged_bpf_disabled: 1

# Reduce attack surface by disabling unprivileged user namespaces.
# Mitigates CVE-2021-33909 and other exploits.
kernel.unprivileged_userns_clone: 0
Expand Down

0 comments on commit 16101bb

Please sign in to comment.