security-misc/etc/sysctl.d/kexec.conf

12 lines
791 B
Plaintext
Raw Normal View History

2019-10-07 01:30:56 -04:00
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
2019-09-06 07:43:55 -04:00
## Quote https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html
##
## kexec_load_disabled:
##
## A toggle indicating if the kexec_load syscall has been disabled. This value defaults to 0 (false: kexec_load enabled), but can be set to 1 (true: kexec_load disabled). Once true, kexec can no longer be used, and the toggle cannot be set back to false. This allows a kexec image to be loaded before disabling the syscall, allowing a system to set up (and later use) an image without it being altered. Generally used together with the "modules_disabled" sysctl.
## Disables kexec which can be used to replace the running kernel.
2019-05-06 11:42:55 -04:00
kernel.kexec_load_disabled=1