Add documentation on sysctl kernel.panic_on_oops=1

2025-07-06 08:24:03 +07:00 · 2024-07-25 10:26:23 +10:00
parent 1b6161c2dc
commit 3926b91dcf
2 changed files with 14 additions and 0 deletions
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@ -109,6 +109,17 @@ kernel.sysrq=0
 ##
 kernel.perf_event_paranoid=3

+## Force the kernel to panic on "oopses".
+## Can sometimes potentially indicate and thwart certain kernel exploitation attempts.
+## Also cause panics on machine check exceptions.
+## Panics may be due to false-positives such as bad drivers.
+##
+## https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
+##
+## See /usr/libexec/security-misc/panic-on-oops for implementation.
+##
+#kernel.panic_on_oops=1
+
 ## Enable ASLR for mmap base, stack, VDSO pages, and heap.
 ## Heap randomization can lead to breakages with legacy applications.
 ##