Merge pull request #55 from madaidan/sysctl.conf

Process sysctl.conf in initramfs
2024-10-01 08:25:45 -04:00 · 2020-01-15 20:52:33 +00:00 · 2020-01-15 20:52:33 +00:00 · f6cc76acd7
commit f6cc76acd7
parent e110ea0b84 1df48a226d
2 changed files with 4 additions and 2 deletions
--- a/debian/control
+++ b/debian/control
@ -117,8 +117,9 @@ Description: enhances misc security settings
  * The vivid kernel module is blacklisted as it's only required for testing
 and has been the cause of multiple vulnerabilities.
 .
-  * An initramfs hook sets the sysctl values in /etc/sysctl.d before init
- is executed so sysctl hardening is enabled as early as possible.
+  * An initramfs hook sets the sysctl values in /etc/sysctl.conf and
+ /etc/sysctl.d before init is executed so sysctl hardening is enabled
+ as early as possible.
 .
  * The kernel panics on oopses to prevent it from continuing to run a flawed
 process and to deter brute forcing.
--- a/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs
+++ b/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs
@ -15,4 +15,5 @@ prereqs)
        ;;
 esac

+sysctl -p ${rootmnt}/etc/sysctl.conf
 sysctl -p ${rootmnt}/etc/sysctl.d/*.conf