base-files: kernel hardening

srcpkgs/base-files/files/sysctl.conf

@@ -4,3 +4,18 @@ kernel.core_uses_pid = 1
 # Enable hard and soft link protection
 fs.protected_hardlinks=1
 fs.protected_symlinks=1
+
+# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
+kernel.kptr_restrict=1
+
+# Avoid kernel memory address exposures via dmesg.
+kernel.dmesg_restrict=1
+
+# Block non-uid-0 kernel profiling
+kernel.perf_event_paranoid=2
+
+# Turn off kexec, even if it's built in.
+kernel.kexec_load_disabled=1
+
+# Avoid non-ancestor ptrace access to running processes and their credentials.
+kernel.yama.ptrace_scope=1

srcpkgs/base-files/template

@@ -1,7 +1,7 @@
 # Template file for 'base-files'
 pkgname=base-files
 version=0.139
-revision=4
+revision=5
 bootstrap=yes
 depends="xbps-triggers"
 short_desc="Void Linux base system files"