* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. bcbcd15f64e90a077637af261bdf0f976f846c9a
@ 2020-10-06 12:26 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2020-10-06 12:26 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 3050 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via bcbcd15f64e90a077637af261bdf0f976f846c9a (commit)
via a9d90b1b3f76a76b96a169e91cf3902e4cc0835b (commit)
from 42fca290334baba3bce7738577ae3d3401f4c6d6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bcbcd15f64e90a077637af261bdf0f976f846c9a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 6 12:26:43 2020 +0000
Revert "core152: Load changed /etc/sysctl.conf"
This reverts commit b125988d3fe0e9f9ac231bf821e59365cf74f268.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a9d90b1b3f76a76b96a169e91cf3902e4cc0835b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 6 12:26:26 2020 +0000
Revert "sysctl.conf: prevent autoloading of TTY line disciplines"
This reverts commit 14c65ab71ccbe3b0810ac6986d6ad02486f9f9a4.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/etc/sysctl.conf | 4 ----
config/rootfiles/core/152/filelists/files | 1 -
config/rootfiles/core/152/update.sh | 3 ---
3 files changed, 8 deletions(-)
Difference in files:
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index a100da8e9..be7c07c85 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -39,10 +39,6 @@ net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
-# Restrict loading TTY line disciplines to CAP_SYS_MODULE to prevent unprivileged attackers
-# from loading vulnerable line disciplines with the TIOCSETD ioctl.
-dev.tty.ldisc_autoload = 0
-
# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
kernel.kptr_restrict = 2
diff --git a/config/rootfiles/core/152/filelists/files b/config/rootfiles/core/152/filelists/files
index c72b45b05..0894d828f 100644
--- a/config/rootfiles/core/152/filelists/files
+++ b/config/rootfiles/core/152/filelists/files
@@ -1,4 +1,3 @@
etc/system-release
etc/issue
-etc/sysctl.conf
srv/web/ipfire/cgi-bin/credits.cgi
diff --git a/config/rootfiles/core/152/update.sh b/config/rootfiles/core/152/update.sh
index 715fa5a7a..5a667aa36 100644
--- a/config/rootfiles/core/152/update.sh
+++ b/config/rootfiles/core/152/update.sh
@@ -49,9 +49,6 @@ ldconfig
# Start services
-# Reload sysctl.conf
-sysctl -p
-
# This update needs a reboot...
#touch /var/run/need_reboot
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-10-06 12:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-06 12:26 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. bcbcd15f64e90a077637af261bdf0f976f846c9a Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox