Merge "init.rc: Lock down access to /proc/net/fib_trie" into oc-mr1-dev
This commit is contained in:
TreeHugger Robot
Android (Google) Code Review
commit
c3090ba2f4
1 changed files with 3 additions and 0 deletions
|
|
@ -148,6 +148,9 @@ on init
|
|||
write /proc/sys/net/ipv4/conf/all/accept_redirects 0
|
||||
write /proc/sys/net/ipv6/conf/all/accept_redirects 0
|
||||
|
||||
# /proc/net/fib_trie leaks interface IP addresses
|
||||
chmod 0400 /proc/net/fib_trie
|
||||
|
||||
# Create cgroup mount points for process groups
|
||||
mkdir /dev/cpuctl
|
||||
mount cgroup none /dev/cpuctl cpu
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue