# mounted-proc - Fix perms on sensitive /proc filesystem entries
#
# Some files in /proc have sensitive contents that can be used to
# help attackers launch kernel exploits. Making these files readable
# only by root slightly reduces the chances of these kinds of attacks
# being successful.

description	"Fix-up sensitive /proc filesystem entries"

start on mounted MOUNTPOINT=/proc TYPE=proc
env MOUNTPOINT=/proc

task

script
    if [ -e "${MOUNTPOINT}"/slabinfo ]; then
        chmod 0400 "${MOUNTPOINT}"/slabinfo
    fi
end script