## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Disables kexec, which can be used to replace the running kernel.
## kexec is useful for live kernel patching without rebooting.
##
## https://en.wikipedia.org/wiki/Kexec
##
kernel.kexec_load_disabled=1
## Why is this in a dedicated config file?
## Package ram-wipe requires kexec. However, ram-wipe could not ship a config
## file /etc/sysctl.d/40_ram-wipe.conf which sets 'kernel.kexec_load_disabled=0'.
## This is because once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1'
## it cannot be undone without reboot. This is an upstream Linux security feature.
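The one-way behaviour described above can be audited on a running system. The script below is an added example, not part of this configuration file or its project: it lists sysctl drop-ins that try to set 'kernel.kexec_load_disabled=0' and reports whether the running kernel has already locked the switch. The function names and the directory list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl drop-ins against the one-way kexec switch.

# Print "VALUE FILE" for each kernel.kexec_load_disabled assignment in DIR...
find_kexec_settings() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            # Comment lines (# or ;) never match; '-' prefix and '/' separator are allowed.
            sed -n 's/^[[:space:]]*-\{0,1\}kernel[./]kexec_load_disabled[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$f" |
            while read -r val; do
                printf '%s %s\n' "$val" "$f"
            done
        done
    done
}

# Print the files that try to set the value back to 0.
reenable_attempts() {
    find_kexec_settings "$@" | sed -n 's/^0 //p'
}

# Print "locked" (1), "open" (0) or "unknown" for the running kernel.
kexec_state() {
    proc=${1:-/proc/sys/kernel/kexec_load_disabled}
    [ -r "$proc" ] || { echo unknown; return 0; }
    case $(cat "$proc") in
        1) echo locked ;;
        0) echo open ;;
        *) echo unknown ;;
    esac
}

# Directory list is an assumption (common systemd-sysctl locations).
state=$(kexec_state)
echo "kernel.kexec_load_disabled runtime state: $state"
reenable_attempts /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d |
while read -r file; do
    echo "sets kexec_load_disabled=0: $file"
    if [ "$state" = locked ]; then
        echo "  no effect until reboot: value is already 1"
    fi
done
```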