From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] disable runtime kernel replacement via kexec
Date: Mon, 20 Aug 2018 10:03:44 +0100
Message-ID: <8e45ff496b845cea51ed1ba0de53963b1ce2816f.camel@ipfire.org>
In-Reply-To: <3e6df0d2-7cc8-240c-4d8d-cb154b9fccaa@link38.eu>

To avoid this noise on the list, please *thoroughly* test those changes before.

Although this is a trivial patch itself with only a one-line change, those
changes can have loads of implications.

Best,
-Michael

On Sun, 2018-08-19 at 20:14 +0200, Peter Müller wrote:
> Hello,
>
> please ignore this patch as it contains some errors leading
> to key lookup failures in sysctl.
>
> Sorry for the inconvenience.
>
> Thanks, and best regards,
> Peter Müller
>
> > Signed-off-by: Peter Müller
> > ---
> > config/etc/sysctl.conf | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf > > index 011c4287e..5735dd42e 100644 > > --- a/config/etc/sysctl.conf > > +++ b/config/etc/sysctl.conf > > @@ -48,3 +48,7 @@ kernel.kptr_restrict =3D 1 > > =20 > > # Avoid kernel memory address exposures via dmesg. > > kernel.dmesg_restrict =3D 1 > > + > > +# Turn off kexec, even if it's built in (dangerous because > > +# it can replace the running kernel). > > +kernel.kexec_load_disabled =3D 1
> >
>
>
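
Review bot: the `kernel.kexec_load_disabled` line at the end of the hunk is applied unconditionally, but that key exists only on kernels built with kexec support, which fits the key lookup failures in sysctl reported in the follow-up. Confirm the key is present on every kernel configuration this `sysctl.conf` is shipped with before adding the entry, or apply it only where the key exists. The new comment could also state that the setting is one-way: once it is set to 1 it cannot be cleared again until the next reboot.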