## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## NOTE:
## Why is this in a dedicated config file?
## Package ram-wipe requires kexec. However, ram-wipe could not ship a config
## file /etc/sysctl.d/40_ram-wipe.conf which sets 'kernel.kexec_load_disabled=0'.
## This is because once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1'
## it cannot be undone without reboot. This is a upstream Linux security feature.

## Disables kexec which can be used to replace the running kernel.
## Useful for live kernel patching without rebooting.
##
## https://en.wikipedia.org/wiki/Kexec
##
kernel.kexec_load_disabled=1