readme

2025-07-06 08:24:03 +07:00 · 2020-01-15 10:08:57 -05:00
parent 8ab4623f8e
commit 73e830d0ac
1 changed files with 3 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -99,6 +99,9 @@ a target for ROP.
 * The vivid kernel module is blacklisted as it's only required for testing
 and has been the cause of multiple vulnerabilities.

+* An initramfs hook sets the sysctl values in /etc/sysctl.d before init
+is executed so our hardening is enabled as early as possible.
+
 * The kernel panics on oopses to prevent it from continuing to run a flawed
 process and to deter brute forcing.