Force immediate kernel panic on OOM.

This is to avoid security features such as the screen locker, kloak, emerg-shutdown
from being arbitrarily terminated when the system starts running out of memory.

https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14

https://github.com/Kicksecure/security-misc/issues/324

`vm.panic_on_oom=2`

implements https://github.com/Kicksecure/security-misc/issues/324

README.md

@@ -51,6 +51,10 @@ configuration file and significant hardening is applied to a myriad of component
 
 - Force immediate system reboot on the occurrence of a single kernel panic, reducing the
   risk and impact of denial of service attacks and both cold and warm boot attacks.
+  
+- Force immediate kernel panic on OOM. This is to avoid security features such as the screen
+  locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts
+  running out of memory.
 
 - Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
 

usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared

@@ -199,6 +199,13 @@ kernel.perf_event_paranoid=3
 ##
 #kernel.panic=-1
 
+## Force immediate kernel panic on OOM.
+## This is to avoid security features such as the screen locker, kloak, emerg-shutdown
+## from being arbitrarily terminated when the system starts running out of memory.
+## https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14
+## https://github.com/Kicksecure/security-misc/issues/324
+vm.panic_on_oom=2
+
 ## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
 ## Can lead to privilege escalation by pushing characters into a controlling TTY.
 ## Will break out-dated screen readers that continue to rely on this legacy functionality.