Commit 52a23616 authored by intrigeri

Disable kexec, to make our attack surface a bit smaller.

parent 6fad653b
......@@ -97,3 +97,7 @@ kernel address map from some external source. This is not hard, but
certainly not all malware has such functionality.
For this reason, we also make sure to purge `/boot/`.
### `kernel.kexec_load_disabled = 1`
kexec is dangerous: it enables replacement of the running kernel.
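Review bot: the new `kernel.kexec_load_disabled = 1` section justifies the setting with a single sentence ("it enables replacement of the running kernel") and does not connect it to the threat described just above, where malware needs the kernel address map and `/boot/` is purged. Suggest adding a sentence on what replacing the running kernel would let an attacker undo, and noting that this sysctl is one-way: per the kernel documentation, once it is set to 1 it cannot be set back to 0 without a reboot. The visible hunk only touches the documentation, so also confirm that the commit sets the sysctl itself.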