From 636db774264a332afc2b81c58206b5f8510fdbbc Mon Sep 17 00:00:00 2001
From: Isaac True <isaac.true@canonical.com>
Date: Mon, 11 Sep 2023 12:23:36 +0200
Subject: [PATCH] ERL-376: nemos-images-*: *: set sysctl kernel.kptr_restrict=1

This setting only allows privileged users to view the kernel memory addresses.

Signed-off-by: Isaac True <isaac.true@canonical.com>
---
 .../qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf    | 1 +
 .../qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf    | 1 +
 .../s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf  | 1 +
 .../qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf    | 1 +
 .../qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf    | 1 +
 .../s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf  | 1 +
 .../qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf    | 1 +
 .../qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf    | 1 +
 .../s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf  | 1 +
 .../qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf    | 1 +
 .../qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf    | 1 +
 .../s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf  | 1 +
 12 files changed, 12 insertions(+)
 create mode 100644 nemos-images-minimal-lunar/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-minimal-lunar/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-minimal-lunar/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-minimal-mantic/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-minimal-mantic/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-minimal-mantic/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-reference-lunar/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-reference-lunar/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-reference-lunar/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-reference-mantic/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-reference-mantic/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
 create mode 100644 nemos-images-reference-mantic/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf

diff --git a/nemos-images-minimal-lunar/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-minimal-lunar/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-minimal-lunar/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-minimal-lunar/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-minimal-lunar/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-minimal-lunar/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-minimal-lunar/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-minimal-lunar/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-minimal-lunar/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-minimal-mantic/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-minimal-mantic/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-minimal-mantic/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-minimal-mantic/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-minimal-mantic/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-minimal-mantic/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-minimal-mantic/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-minimal-mantic/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-minimal-mantic/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-reference-lunar/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-reference-lunar/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-reference-lunar/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-reference-lunar/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-reference-lunar/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-reference-lunar/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-reference-lunar/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-reference-lunar/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-reference-lunar/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-reference-mantic/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-reference-mantic/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-reference-mantic/qemu-amd64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-reference-mantic/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-reference-mantic/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-reference-mantic/qemu-arm64/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1
diff --git a/nemos-images-reference-mantic/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf b/nemos-images-reference-mantic/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
new file mode 100644
index 0000000..5f3e130
--- /dev/null
+++ b/nemos-images-reference-mantic/s32g274ardb2/root/etc/sysctl.d/50-kernel-kptr-restrict.conf
@@ -0,0 +1 @@
+kernel.kptr_restrict=1