Page MenuHomePhabricator
Create Task
Maniphest T984

convert /etc/sysctl.d to /etc/default/grub.d kernel Linux boot cmdline
Open, NormalPublic
Actions

Description

Maybe from Linux 5.7+ sysctls can be set from Linux boot cmdline.

Details

Impact
Normal

Related Objects

Event Timeline

Patrick triaged this task as Normal priority.Apr 16 2020, 9:29 AM
Patrick created this task.
Herald added a project: Whonix. · View Herald TranscriptApr 16 2020, 9:29 AM
Herald added a subscriber: entr0py. · View Herald Transcript
Patrick mentioned this in T950: set kernel.printk sysctl to prevent kernel info leaks.Apr 16 2020, 9:30 AM
madaidan added a comment.Apr 16 2020, 5:31 PM

We shouldn't stop using /etc/sysctl.d for compatibility. I think the best way would be to create /etc/default/grub.d/40_sysctl.cfg with:

while read -r line; do
  if [ "$line" = "" ]; then
    continue
  fi
  if [[ "$line" =~ ^# ]]; then
    continue
  fi
  GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX sysctl.${line}"
done < /etc/sysctl.d/30_security-misc.conf
Patrick added a comment.Apr 16 2020, 8:47 PM

Something like that. Maybe covering all of /etc/sysctl.conf and
/etc/sysctl.d folder to GRUB_CMDLINE_LINUX expansion.

Patrick added a comment.Dec 15 2021, 10:50 AM

Is this still reuqired since we also have early sysctl loading during initramfs?

https://github.com/Whonix/security-misc/blob/master/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer