diff --git a/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf b/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf index 74c0bbf..0177c2c 100644 --- a/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf +++ b/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf @@ -2,15 +2,16 @@ ## See the file COPYING for copying conditions. ## NOTE: -## Why is this in a dedicated config file? -## Package ram-wipe requires kexec. However, ram-wipe could not ship a config -## file /etc/sysctl.d/40_ram-wipe.conf which sets 'kernel.kexec_load_disabled=0'. -## This is because once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1' -## it cannot be undone without reboot. This is a upstream Linux security feature. +## This configuration is in a dedicated file because the ram-wipe package +## requires kexec. However, ram-wipe cannot ship a config file +## /etc/sysctl.d/40_ram-wipe.conf that sets 'kernel.kexec_load_disabled=0'. +## Once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1', +## it cannot be undone without a reboot. This is an upstream Linux security feature. -## Disables kexec which can be used to replace the running kernel. -## Useful for live kernel patching without rebooting. +## Disables kexec, which can be used to replace the running kernel. +## Kexec is useful for live kernel patching without rebooting. ## +## For more information, see: ## https://en.wikipedia.org/wiki/Kexec ## kernel.kexec_load_disabled=1 diff --git a/usr/lib/sysctl.d/30_silent-kernel-printk.conf b/usr/lib/sysctl.d/30_silent-kernel-printk.conf index 884a2a6..0d5e4aa 100644 --- a/usr/lib/sysctl.d/30_silent-kernel-printk.conf +++ b/usr/lib/sysctl.d/30_silent-kernel-printk.conf @@ -5,10 +5,11 @@ ## Must be used in combination with the kernel boot parameters. ## See /etc/default/grub.d/41_quiet_boot.cfg for implementation. ## +## For more information, refer to: ## https://www.kernel.org/doc/html/latest/core-api/printk-basics.html ## kernel.printk=3 3 3 3 -## For Increased Log Verbosity: -## Adjust (or comment out) the kernel parameters in /etc/default/grub.d/41_quiet_boot.cfg. -## Alternatively, installing the debug-misc package will undo these settings. +## For increased log verbosity: +## A) Adjust (or comment out) the kernel parameters in /etc/default/grub.d/41_quiet_boot.cfg. Or, +## B) Alternatively, install the debug-misc package to undo these settings.