[PATCH] disable runtime kernel replacement via kexec

Signed-off-by: Peter Müller peter.mueller@link38.eu --- config/etc/sysctl.conf | 4 ++++ 1 file changed, 4 insertions(+)

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 011c4287e..5735dd42e 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -48,3 +48,7 @@ kernel.kptr_restrict = 1

# Avoid kernel memory address exposures via dmesg. kernel.dmesg_restrict = 1 + +# Turn off kexec, even if it's built in (dangerous because +# it can replace the running kernel). +kernel.kexec_load_disabled = 1