Improve clarity for panic on OOM

raja-grewal 2025-11-11 11:32:47 +00:00 committed by GitHub
parent b89aaea61e
commit 0b9b9ffb1e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -201,7 +201,6 @@ kernel.perf_event_paranoid=3
## Force immediate kernel panic on OOM (out of memory) scenarios.
## Registers a kernel panic whenever the oom_killer is triggered to kill some rouge process based on their OOM score.
## Note that this must be used with kernel.panic=-1 for it to be function as intended.
## This prevents security features such as the screen locker, kloak, and emerg-shutdown from being arbitrarily terminated.
## Enabling these two together creates a risk of userspace-based denial-of-service attacks that maliciously fill memory.
## This forces immediate system reboot rather than placing any reliance on the oom_killer.
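Review bot: With the kernel.panic=-1 note taken out of this paragraph (the header count drops from 7 to 6 lines and the note reappears in the next hunk), "Enabling these two together creates a risk of userspace-based denial-of-service attacks" no longer has a second setting to refer to. Name both settings in that sentence, for example "Enabling vm.panic_on_oom=2 together with kernel.panic=-1 creates a risk of ...", so the DoS warning still reads correctly on its own. While the comment block is being touched for clarity, "rouge process based on their OOM score" in the second line should read "rogue process based on its OOM score".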
@ -213,6 +212,8 @@ kernel.perf_event_paranoid=3
## https://github.com/KSPP/kspp.github.io/issues/9
## https://github.com/Kicksecure/security-misc/issues/324
##
## Note that this must be used with kernel.panic=-1 for it to function as intended.
##
#vm.panic_on_oom=2
## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
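Review bot: The relocated note now sits directly above the commented-out "#vm.panic_on_oom=2", but it still says only "must be used with kernel.panic=-1" without telling whoever uncomments this line whether kernel.panic=-1 is already set in this file or has to be added separately. Suggest wording it as an explicit requirement, for example "Note that kernel.panic=-1 must also be set for this to function as intended", and pointing to where that setting lives. The statement further up that this "forces immediate system reboot" depends on the same prerequisite, so placing the note ahead of the reference links, next to that sentence, would keep the dependency and its consequence together.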