From b552b92401f67d59e12ac6fda2f7fe1c54b0c8a7 Mon Sep 17 00:00:00 2001
From: Raja Grewal <rg_public@proton.me>
Date: Thu, 15 Aug 2024 11:54:21 +1000
Subject: [PATCH] Add references on `fs.binfmt_misc.status`

---
 usr/lib/sysctl.d/990-security-misc.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index 747ca67..7df6f03 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -206,6 +206,10 @@ vm.max_map_count=1048576
 ## https://en.wikipedia.org/wiki/Binfmt_misc
 ## https://security.stackexchange.com/questions/271786/does-allowing-binfmt-misc-significantly-increase-the-attack-surface-for-unprivil
 ## https://unix.stackexchange.com/questions/439569/what-kinds-of-executable-formats-do-the-files-under-proc-sys-fs-binfmt-misc-al
+## https://github.com/Kicksecure/security-misc/pull/249
+##
+## KSPP=yes
+## KSPP does not set CONFIG_BINFMT_MISC.
 ##
 fs.binfmt_misc.status=0