From faa69f13fe5ce5db08687c4fca5492ae0a0b6b5d 2018-12-09 04:47:38
From: Unknown
Date: 2018-12-09 04:47:38
Subject: [PATCH] Enable ASLR if KERNEL_SECURITY is enabled
---
diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh
index c695418..6452d36 100644
--- a/bootstrap.d/15-rpi-config.sh
+++ b/bootstrap.d/15-rpi-config.sh
@@ -82,6 +82,11 @@ if [ "$ENABLE_PRINTK" = true ] ; then
 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
 fi
+# Enable Kernel messages on standard output
+if [ "$KERNEL_SECURITY" = true ] ; then
+ install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
+fi
+
 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
diff --git a/files/sysctl.d/84-rpi-ASLR.conf b/files/sysctl.d/84-rpi-ASLR.conf
new file mode 100644
index 0000000..da4ad13
--- /dev/null
+++ b/files/sysctl.d/84-rpi-ASLR.conf
@@ -0,0 +1,2 @@
+# ASLR
+kernel.randomize_va_space = 2
\ No newline at end of file
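Review bot: The comment above the new `KERNEL_SECURITY` block, `# Enable Kernel messages on standard output`, was copied from the printk block before it and describes the wrong setting; it should read something like `# Pin full ASLR (kernel.randomize_va_space = 2) when KERNEL_SECURITY is enabled`. Because 2 is usually already the kernel default, this drop-in mostly guards against the value being lowered elsewhere, and a file that sorts later in sysctl.d could still override it, which is worth stating where the option is documented. The `ENABLE_PRINTK` block the hunk opens inside starts outside the hunk.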
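Review bot: The new `84-rpi-ASLR.conf` ends without a trailing newline (`\ No newline at end of file`), so anything a later build step appends to it would be joined onto the `kernel.randomize_va_space = 2` line; the file should end with a newline. The header `# ASLR` would be more useful if it said what the value selects, e.g. `# Full ASLR: randomize stack, mmap base, VDSO and heap (brk)`.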