16 lines
558 B
Plaintext
16 lines
558 B
Plaintext
|
# These are some recommended defaults that users can alter if needed.
|
||
|
# For example, developer systems may want to enable kexec for kernel
|
||
|
# testing, or disable the ptrace restrictions to be able to gdb attach
|
||
|
# to processes without root.
|
||
|
#
|
||
|
# To replace, create a file of the same name in /etc/sysctl.d.
|
||
|
|
||
|
# Avoid kernel memory address exposures via dmesg.
|
||
|
kernel.dmesg_restrict=1
|
||
|
|
||
|
# Turn off kexec, even if it's built in.
|
||
|
kernel.kexec_load_disabled=1
|
||
|
|
||
|
# Avoid non-ancestor ptrace access to running processes and their credentials.
|
||
|
kernel.yama.ptrace_scope=1
|