Enable panic_on_warn=1

README.md

@@ -43,9 +43,10 @@ Kernel space:
 
 - Restrict kernel profiling and the performance events system to `CAP_PERFMON`.
 
-- Force the kernel to panic on "oopses" that can potentially indicate and thwart
+- Force the kernel to panic on both "oopses", which can potentially indicate and thwart
-  certain kernel exploitation attempts. Optional - Force immediate reboot on the
+  certain kernel exploitation attempts, and also kernel warnings in the `WARN()` path.
-  occurrence of a kernel panic and also set panic limit to one (when using Linux kernel >= 6.2).
+  Optional - Force immediate reboot on the occurrence of a single kernel panic and also
+  (when using Linux kernel >= 6.2) limit the number of allowed panics to one.
 
 - Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
 

usr/libexec/security-misc/panic-on-oops

@@ -12,12 +12,12 @@ if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then
    source /usr/libexec/helper-scripts/pre.bsh
 fi
 
-## Makes the kernel panic on oopses. This prevents the kernel
+## Makes the kernel panic on oopses and warnings. This prevents the
-## from continuing to run a flawed processes. Many kernel exploits
+## kernel from continuing to run a flawed processes. Many kernel
-## will also cause an oops which this will make the kernel kill
+## exploits will also cause an oops, these settings will make the
-## the offending processes.
+## kernel kill the offending processes.
 #sysctl kernel.panic=-1
 sysctl kernel.panic_on_oops=1
-#sysctl kernel.panic_on_warn=1
+sysctl kernel.panic_on_warn=1
 #sysctl kernel.oops_limit=1
 #sysctl kernel.warn_limit=1