From 0b9b9ffb1e87850e3296d0420c305062b66868d5 Mon Sep 17 00:00:00 2001
From: raja-grewal
Date: Tue, 11 Nov 2025 11:32:47 +0000
Subject: [PATCH] Improve clarity for panic on OOM
---
 usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared b/usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared
index 594ea33..121ee5c 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared
+++ b/usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared
@@ -201,7 +201,6 @@ kernel.perf_event_paranoid=3
 ## Force immediate kernel panic on OOM (out of memory) scenarios.
 ## Registers a kernel panic whenever the oom_killer is triggered to kill some rouge process based on their OOM score.
-## Note that this must be used with kernel.panic=-1 for it to be function as intended.
 ## This prevents security features such as the screen locker, kloak, and emerg-shutdown from being arbitrarily terminated.
 ## Enabling these two together creates a risk of userspace-based denial-of-service attacks that maliciously fill memory.
 ## This forces immediate system reboot rather than placing any reliance on the oom_killer.
@@ -213,6 +212,8 @@ kernel.perf_event_paranoid=3
 ## https://github.com/KSPP/kspp.github.io/issues/9
 ## https://github.com/Kicksecure/security-misc/issues/324
 ##
+## Note that this must be used with kernel.panic=-1 for it to function as intended.
+##
 #vm.panic_on_oom=2
 ## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
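Review bot: The relocated note in the second hunk still does not say what kernel.panic=-1 contributes, so a reader cannot tell what "function as intended" means or what happens without it; I would expand it to `## Note that this must be used with kernel.panic=-1 for it to function as intended: vm.panic_on_oom only raises the panic, and kernel.panic=-1 is what makes the kernel reboot immediately afterwards (with the default kernel.panic=0 the machine hangs at the panic until it is power-cycled).` It is also worth a caveat next to the setting that, per the kernel's sysctl/vm documentation, value 2 panics on every OOM including ones confined to a cgroup or mempolicy, so a single service hitting a memory limit such as MemoryMax= would reboot the whole host, whereas value 1 panics only on system-wide OOM. The typo `rouge` in the unchanged context line of the first hunk should read `rogue`.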