Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-08-07 17:52:25 -04:00
Code Issues Projects Releases Packages Wiki Activity

Refactor existing sysctl for clarity

Browse source
This commit is contained in:
Raja Grewal 2024-07-13 22:41:40 +10:00
parent f34b9d7c45
commit 2de3a79599
No known key found for this signature in database
GPG key ID: 92CA473C156B64C4
5 changed files with 330 additions and 182 deletions
Download patch file Download diff file Expand all files Collapse all files

9
usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
View file

@ -1,12 +1,11 @@
## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Quote https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html
##
## kexec_load_disabled:
##
## A toggle indicating if the kexec_load syscall has been disabled. This value defaults to 0 (false: kexec_load enabled), but can be set to 1 (true: kexec_load disabled). Once true, kexec can no longer be used, and the toggle cannot be set back to false. This allows a kexec image to be loaded before disabling the syscall, allowing a system to set up (and later use) an image without it being altered. Generally used together with the "modules_disabled" sysctl.
## Disables kexec which can be used to replace the running kernel.
## Useful for live kernel patching without rebooting.
##
## https://en.wikipedia.org/wiki/Kexec
##
kernel.kexec_load_disabled=1
## Why is this in a dedicated config file?