Page MenuHomePhabricator
Create Task
Maniphest T984

convert /etc/sysctl.d to /etc/default/grub.d kernel Linux boot cmdline
Closed, InvalidPublic
Actions

Description

Maybe from Linux 5.7+ sysctls can be set from Linux boot cmdline.

Details

Impact
Normal

Related Objects

Event Timeline

Patrick triaged this task as Normal priority.Apr 16 2020, 9:29 AM
Patrick created this task.
Herald added a project: Whonix. · View Herald TranscriptApr 16 2020, 9:29 AM
Herald added a subscriber: entr0py. · View Herald Transcript
Patrick mentioned this in T950: set kernel.printk sysctl to prevent kernel info leaks.Apr 16 2020, 9:30 AM
madaidan added a comment.Apr 16 2020, 5:31 PM

We shouldn't stop using /etc/sysctl.d for compatibility. I think the best way would be to create /etc/default/grub.d/40_sysctl.cfg with:

while read -r line; do
  if [ "$line" = "" ]; then
    continue
  fi
  if [[ "$line" =~ ^# ]]; then
    continue
  fi
  GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX sysctl.${line}"
done < /etc/sysctl.d/30_security-misc.conf
Patrick added a comment.Apr 16 2020, 8:47 PM

Something like that. Maybe covering all of /etc/sysctl.conf and
/etc/sysctl.d folder to GRUB_CMDLINE_LINUX expansion.

Patrick added a comment.Dec 15 2021, 10:50 AM

Is this still reuqired since we also have early sysctl loading during initramfs?

https://github.com/Whonix/security-misc/blob/master/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs

Patrick closed this task as Invalid.Jan 19 2023, 10:48 AM
Patrick claimed this task.

And we also port to dracut which also does early sysctl loading.
Adding tons of sysctl to an already very long kernel command line (do we got the world record already :) seems excessive.
Since nobody is making the argument anymore, rejecting this ticket.

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer