Minor documentation changes and fixes

2025-05-08 04:45:00 -04:00 · 2024-07-14 01:21:24 +10:00 · 2024-07-14 01:21:24 +10:00 · 565597c9a2
commit 565597c9a2
parent 2de3a79599
3 changed files with 18 additions and 21 deletions
--- a/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
+++ b/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
@ -1,15 +1,16 @@
 ## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
 ## See the file COPYING for copying conditions.

+## NOTE:
+## Why is this in a dedicated config file?
+## Package ram-wipe requires kexec. However, ram-wipe could not ship a config
+## file /etc/sysctl.d/40_ram-wipe.conf which sets 'kernel.kexec_load_disabled=0'.
+## This is because once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1'
+## it cannot be undone without reboot. This is a upstream Linux security feature.
+
 ## Disables kexec which can be used to replace the running kernel.
 ## Useful for live kernel patching without rebooting.
 ##
 ## https://en.wikipedia.org/wiki/Kexec
 ##
 kernel.kexec_load_disabled=1
-
-## Why is this in a dedicated config file?
-## Package ram-wipe requires kexec. However, ram-wipe could not ship a config
-## file /etc/sysctl.d/40_ram-wipe.conf which sets 'kernel.kexec_load_disabled=0'.
-## This is because once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1'
-## it cannot be undone without reboot. This is a upstream Linux security feature.