base-files: disable unprivileged eBPF by default.

eBPF allowed a fair amount of local privilege escalation in
the past, disallow it for ordinary users by default.

srcpkgs/base-files/files/bpf.conf

@@ -0,0 +1,2 @@
+# Block unprivileged use of eBPF
+kernel.unprivileged_bpf_disabled=1

srcpkgs/base-files/files/sysctl.conf

@@ -2,7 +2,7 @@
 # User-alterable options are in 10-void-user.conf.
 
 # Append the PID to the core filename
-kernel.core_uses_pid = 1
+kernel.core_uses_pid=1
 
 # Enable hard and soft link protection
 fs.protected_hardlinks=1

srcpkgs/base-files/template

@@ -1,6 +1,6 @@
 # Template file for 'base-files'
 pkgname=base-files
-version=0.141
+version=0.142
 revision=11
 bootstrap=yes
 depends="xbps-triggers"
@@ -75,6 +75,7 @@ do_install() {
 	# sysctl(8) files
 	vinstall ${FILESDIR}/sysctl.conf 644 usr/lib/sysctl.d 10-void.conf
 	vinstall ${FILESDIR}/sysctl-user.conf 644 usr/lib/sysctl.d 10-void-user.conf
+	vinstall ${FILESDIR}/bpf.conf 644 usr/lib/sysctl.d 20-bpf.conf
 
 	# Install common licenses, from Debian.
 	vmkdir usr/share/licenses