convert /etc/sysctl.d to /etc/default/grub.d kernel Linux boot cmdline
Open, NormalPublic
Actions

Assigned To

None

Authored By

	Patrick
	Apr 16 2020, 9:29 AM

Tags

Subscribers

Description

Maybe from Linux 5.7+ sysctls can be set from Linux boot cmdline.

Details

Impact: Normal

Related Objects

Mentioned In: T950: set kernel.printk sysctl to prevent kernel info leaks

Event Timeline

Patrick triaged this task as Normal priority.Apr 16 2020, 9:29 AM

Patrick created this task.

Herald added a project: Whonix. · View Herald TranscriptApr 16 2020, 9:29 AM

Herald added a subscriber: entr0py. · View Herald Transcript

Patrick mentioned this in T950: set kernel.printk sysctl to prevent kernel info leaks.Apr 16 2020, 9:30 AM

We shouldn't stop using /etc/sysctl.d for compatibility. I think the best way would be to create /etc/default/grub.d/40_sysctl.cfg with:

while read -r line; do
  if [ "$line" = "" ]; then
    continue
  fi
  if [[ "$line" =~ ^# ]]; then
    continue
  fi
  GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX sysctl.${line}"
done < /etc/sysctl.d/30_security-misc.conf

Something like that. Maybe covering all of /etc/sysctl.conf and
/etc/sysctl.d folder to GRUB_CMDLINE_LINUX expansion.

Is this still reuqired since we also have early sysctl loading during initramfs?

https://github.com/Whonix/security-misc/blob/master/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs