easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

work around with CVE-2019-3874

pull/505/head
gjmzj 2019-03-28 09:44:56 +08:00
parent b88d352ad7
commit b684e96b6f
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/prepare/files/sctp.conf 100644
View File

@ -0,0 +1,2 @@
# put sctp into blacklist
install sctp /bin/true

3
roles/prepare/tasks/common.yml
View File

@ -39,3 +39,6 @@
- name: 设置系统 ulimits - name: 设置系统 ulimits
template: src=30-k8s-ulimits.conf.j2 dest=/etc/security/limits.d/30-k8s-ulimits.conf template: src=30-k8s-ulimits.conf.j2 dest=/etc/security/limits.d/30-k8s-ulimits.conf
- name: 把SCTP列入内核模块黑名单
copy: src=sctp.conf dest=/etc/modprobe.d/sctp.conf