Partial compliance with the KSPP on kernel panics

2024-10-01 08:25:45 -04:00 · 2024-08-19 10:53:05 +10:00 · 2024-08-19 10:53:05 +10:00 · 94dab1b7c5
commit 94dab1b7c5
parent 683110e7f0
2 changed files with 4 additions and 4 deletions
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@ -119,8 +119,8 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
 ##
 ## https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
 ##
-## KSPP=yes
-## KSPP sets CONFIG_PANIC_ON_OOPS=y and CONFIG_PANIC_TIMEOUT=-1.
+## KSPP=partial
+## KSPP sets CONFIG_PANIC_ON_OOPS=y, but also requries CONFIG_PANIC_TIMEOUT=-1.
 ##
 ## See /usr/libexec/security-misc/panic-on-oops for implementation.
 ##
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@ -139,8 +139,8 @@ kernel.perf_event_paranoid=3
 ##
 ## https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
 ##
-## KSPP=yes
-## KSPP sets CONFIG_PANIC_ON_OOPS=y and CONFIG_PANIC_TIMEOUT=-1.
+## KSPP=partial
+## KSPP sets CONFIG_PANIC_ON_OOPS=y, but also requries CONFIG_PANIC_TIMEOUT=-1.
 ##
 ## See /usr/libexec/security-misc/panic-on-oops for implementation.
 ##