From 7ab2793aa956695f7b31ed5fb7691494615e4934 Mon Sep 17 00:00:00 2001
From: "Crank, Daniel (dc6350)"
Date: Mon, 5 Nov 2018 16:25:12 -0600
Subject: [PATCH] Set kernel.randomize_va_space = 2

Set the kernel tunable "randomize_va_space" to 2 to prevent buffer overflow exploits.

Change-Id: I19ccabf7dd7c63bf2030c5d6d4275ce6b29166c1
---
 global/software/charts/ucp/divingbell/divingbell.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/global/software/charts/ucp/divingbell/divingbell.yaml b/global/software/charts/ucp/divingbell/divingbell.yaml
index 2e30ea9d5..f916093aa 100644
--- a/global/software/charts/ucp/divingbell/divingbell.yaml
+++ b/global/software/charts/ucp/divingbell/divingbell.yaml
@@ -49,6 +49,8 @@ data:
 # Reboot the node 60 seconds after a kernel panic, instead of default
 # value of 0 (i.e. never reboot)
 kernel.panic: '60'
+ # Randomize stack space to prevent buffer overflow exploits
+ kernel.randomize_va_space: '2'
 # Accept gratuitous ARP to support failover scenarios
 # https://bugs.launchpad.net/fuel/+bug/1456272
 net.ipv4.conf.default.arp_accept: '1'
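Review bot: The comment added above `kernel.randomize_va_space: '2'` misdescribes the setting: value 2 randomizes the stack, mmap base, vDSO and the brk heap (value 1 leaves the heap out), and ASLR raises the cost of exploiting a memory-corruption bug rather than preventing the overflow. I would reword it to `# Enable full ASLR (stack, mmap base, vDSO, heap) to make memory-corruption exploits harder` followed by `# 2 is the usual kernel default; set explicitly so a node cannot drift from it`. It may also be worth noting for operators that only position-independent executables get their main image randomized, so this tunable is one layer and not a complete mitigation. The mapping these keys belong to starts and ends outside the hunk, so whether the key is also set elsewhere in the chart cannot be checked from here.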