Provide the option to immediately reboot on a kernel panics

2024-10-01 08:25:45 -04:00 · 2024-07-25 10:28:27 +10:00 · 2024-07-25 10:28:27 +10:00 · ed3336694c
commit ed3336694c
parent 3926b91dcf
3 changed files with 4 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -42,7 +42,8 @@ space, user space, core dumps, and swap space.
 - Restrict kernel profiling and the performance events system to `CAP_PERFMON`.

 - Force the kernel to panic on "oopses" that can potentially indicate and thwart
-  certain kernel exploitation attempts.
+  certain kernel exploitation attempts. Provide the option to reboot immediately
+  on a kernel panic.

 - Randomize the addresses (ASLR) for mmap base, stack, VDSO pages, and heap.

--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@ -119,6 +119,7 @@ kernel.perf_event_paranoid=3
 ## See /usr/libexec/security-misc/panic-on-oops for implementation.
 ##
 #kernel.panic_on_oops=1
+#kernel.panic=-1

 ## Enable ASLR for mmap base, stack, VDSO pages, and heap.
 ## Heap randomization can lead to breakages with legacy applications.
--- a/usr/libexec/security-misc/panic-on-oops
+++ b/usr/libexec/security-misc/panic-on-oops
@ -16,3 +16,4 @@ fi
 ## from continuing to run a flawed processes. Many kernel exploits
 ## will also cause an oops which this will make the kernel kill.
 sysctl kernel.panic_on_oops=1
+#sysctl kernel.panic=-1