Force immediate kernel panic on OOM.

This is to avoid security features such as the screen locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts running out of memory. https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14 https://github.com/Kicksecure/security-misc/issues/324 `vm.panic_on_oom=2` implements https://github.com/Kicksecure/security-misc/issues/324
2025-11-25 17:06:45 -05:00 · 2025-10-10 08:03:03 -04:00 · 2025-10-10 08:03:03 -04:00 · 968de33c65
commit 968de33c65
parent 98f27c3b2e
2 changed files with 11 additions and 0 deletions
--- a/usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared
+++ b/usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared
@ -199,6 +199,13 @@ kernel.perf_event_paranoid=3
 ##
 #kernel.panic=-1

+## Force immediate kernel panic on OOM.
+## This is to avoid security features such as the screen locker, kloak, emerg-shutdown
+## from being arbitrarily terminated when the system starts running out of memory.
+## https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14
+## https://github.com/Kicksecure/security-misc/issues/324
+vm.panic_on_oom=2
+
 ## Disable the use of legacy TIOCSTI operations which can be used to inject keypresses.
 ## Can lead to privilege escalation by pushing characters into a controlling TTY.
 ## Will break out-dated screen readers that continue to rely on this legacy functionality.