Hello,

Thanks for the patch, but this broken shipping the files which I hopefully fixed properly here:

  https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=7ae1dcb33e27d2ea354acd6e7093741781e4092d

Best,
-Michael

> On 9 Apr 2021, at 20:13, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> The second version of this patch splits this up into different
> architecture-specific sysctl config files, as i586 does not support BPF
> JIT, hence the net.core.bpf_jit_harden does not exist on that
> architecture.
> 
> Fixes: #12384
> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/etc/sysctl-aarch64.conf  | 2 ++
> config/etc/sysctl-armv5tel.conf | 2 ++
> config/etc/sysctl-x86_64.conf   | 3 +++
> 3 files changed, 7 insertions(+)
> create mode 100644 config/etc/sysctl-aarch64.conf
> create mode 100644 config/etc/sysctl-armv5tel.conf
> 
> diff --git a/config/etc/sysctl-aarch64.conf b/config/etc/sysctl-aarch64.conf
> new file mode 100644
> index 000000000..9f840806d
> --- /dev/null
> +++ b/config/etc/sysctl-aarch64.conf
> @@ -0,0 +1,2 @@
> +# Turn on BPF JIT hardening, if the JIT is enabled.
> +net.core.bpf_jit_harden = 2
> diff --git a/config/etc/sysctl-armv5tel.conf b/config/etc/sysctl-armv5tel.conf
> new file mode 100644
> index 000000000..9f840806d
> --- /dev/null
> +++ b/config/etc/sysctl-armv5tel.conf
> @@ -0,0 +1,2 @@
> +# Turn on BPF JIT hardening, if the JIT is enabled.
> +net.core.bpf_jit_harden = 2
> diff --git a/config/etc/sysctl-x86_64.conf b/config/etc/sysctl-x86_64.conf
> index 7384bed51..c7abecc5d 100644
> --- a/config/etc/sysctl-x86_64.conf
> +++ b/config/etc/sysctl-x86_64.conf
> @@ -1,3 +1,6 @@
> # Improve KASLR effectiveness for mmap
> vm.mmap_rnd_bits = 32
> vm.mmap_rnd_compat_bits = 16
> +
> +# Turn on BPF JIT hardening, if the JIT is enabled.
> +net.core.bpf_jit_harden = 2
> -- 
> 2.26.2
>