1 |
Matt Poletiek wrote: |
2 |
> What do I lose by disabling it? If I am reading this correctly all the |
3 |
> grsec features will be on by default if sysctl support is disabled? |
4 |
|
5 |
I don't know the full extent of sysctl's purpose other than you can dynamically |
6 |
change kernel parameters. You should (I think) still be able to change them |
7 |
through /proc. If that's true, in a really basic sense, then you shouldn't lose |
8 |
much if any functionality. |
9 |
|
10 |
The reason it's killing the hardened features is you can do something like |
11 |
"sysctl -w someHardenedFeature=0" to disable it. I'm sure others will have a |
12 |
much better explanation, but I believe disabling sysctl will be the quick and |
13 |
proper fix. |
14 |
-- |
15 |
gentoo-hardened@g.o mailing list |