diff --git a/sysctl.conf b/sysctl.conf
index 6559310a..e846a57d 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -57,3 +57,8 @@ net/ipv4/icmp_echo_ignore_broadcasts =1
 # This limits PID values to 4 digits, which allows tools like ps
 # to save screen space.
 kernel/pid_max=10000
+
+# Protects against creating or following links under certain conditions
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks = 1
+#fs.protected_symlinks = 1