From 3cd7b144bba1a92ca771b16fc5215073c7561a1a Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Thu, 14 May 2020 13:47:58 -0400 Subject: [PATCH] move "kernel.printk = 3 3 3 3" to separate file /etc/sysctl.d/30_silent-kernel-printk.conf so package debug-misc can easily disable it https://phabricator.whonix.org/T950 --- etc/sysctl.d/30_security-misc.conf | 5 ----- etc/sysctl.d/30_silent-kernel-printk.conf | 6 ++++++ 2 files changed, 6 insertions(+), 5 deletions(-) create mode 100644 etc/sysctl.d/30_silent-kernel-printk.conf diff --git a/etc/sysctl.d/30_security-misc.conf b/etc/sysctl.d/30_security-misc.conf index d66566f..18902ef 100644 --- a/etc/sysctl.d/30_security-misc.conf +++ b/etc/sysctl.d/30_security-misc.conf @@ -8,10 +8,6 @@ kernel.core_pattern=|/bin/false ## Restricts the kernel log to root only. kernel.dmesg_restrict=1 -## Prevent kernel info leaks in console during boot. -## https://phabricator.whonix.org/T950 -kernel.printk = 3 3 3 3 - ## Don't allow writes to files that we don't own ## in world writable sticky directories, unless ## they are owned by the owner of the directory. @@ -149,4 +145,3 @@ vm.unprivileged_userfaultfd=0 ## - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/s-memory-tunables.html ## - https://en.wikipedia.org/wiki/Swappiness vm.swappiness=1 - diff --git a/etc/sysctl.d/30_silent-kernel-printk.conf b/etc/sysctl.d/30_silent-kernel-printk.conf new file mode 100644 index 0000000..69db9a6 --- /dev/null +++ b/etc/sysctl.d/30_silent-kernel-printk.conf @@ -0,0 +1,6 @@ +## Copyright (C) 2019 - 2020 ENCRYPTED SUPPORT LP +## See the file COPYING for copying conditions. + +## Prevent kernel info leaks in console during boot. +## https://phabricator.whonix.org/T950 +kernel.printk = 3 3 3 3