From ccdbc52b82993f0078c16ba99248eb4569539344 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri, 6 Sep 2019 11:43:55 +0000
Subject: [PATCH] comment

---
 etc/sysctl.d/kexec.conf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/etc/sysctl.d/kexec.conf b/etc/sysctl.d/kexec.conf
index a9c8272..a863ab5 100644
--- a/etc/sysctl.d/kexec.conf
+++ b/etc/sysctl.d/kexec.conf
@@ -1,2 +1,8 @@
-# Disables kexec which can be used to replace the running kernel
+## Quote https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html
+##
+## kexec_load_disabled:
+##
+## A toggle indicating if the kexec_load syscall has been disabled. This value defaults to 0 (false: kexec_load enabled), but can be set to 1 (true: kexec_load disabled). Once true, kexec can no longer be used, and the toggle cannot be set back to false. This allows a kexec image to be loaded before disabling the syscall, allowing a system to set up (and later use) an image without it being altered. Generally used together with the "modules_disabled" sysctl.
+
+## Disables kexec which can be used to replace the running kernel.
 kernel.kexec_load_disabled=1