
Commit 2e7c8332 authored by Nick Kralevich

Set kptr_restrict to 2.

To make writing kernel exploits harder, set /proc/sys/kernel/kptr_restrict
to "2". This prohibits users from accessing kernel symbols via /proc/kallsyms

Bug: 5555668
Change-Id: Ib31cb6fcb4d212a0b570ce9e73ae31f721ed801b
parent 06286288
+1 −0
@@ -65,6 +65,7 @@ loglevel 3
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2

# Create cgroup mount points for process groups
    mkdir /dev/cpuctl
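
Review bot: the added `write /proc/sys/kernel/kptr_restrict 2` line carries no comment saying why the value is 2 rather than 1. With 2, kernel pointers printed through %pK are zeroed for every reader regardless of privilege, whereas 1 still exposes them to processes holding CAP_SYSLOG, so root-run profiling and debugging tools that read /proc/kallsyms will also see zeroed addresses after this change. Suggest a one-line comment above the write stating that hiding pointers from privileged readers is intentional, so the value is not lowered later to unblock such a tool. The setting sits directly after `randomize_va_space 2`, which is a sensible grouping; a shared comment marking these two writes as the hardening settings would make that grouping explicit.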