| 1 |
Matt Poletiek wrote: |
| 2 |
> What do I lose by disabling it? If I am reading this correctly all the |
| 3 |
> grsec features will be on by default if sysctl support is disabled? |
| 4 |
|
| 5 |
I don't know the full extent of sysctl's purpose other than you can dynamically |
| 6 |
change kernel parameters. You should (I think) still be able to change them |
| 7 |
through /proc. If that's true, in a really basic sense, then you shouldn't lose |
| 8 |
much if any functionality. |
| 9 |
|
| 10 |
The reason it's killing the hardened features is you can do something like |
| 11 |
"sysctl -w someHardenedFeature=0" to disable it. I'm sure others will have a |
| 12 |
much better explanation, but I believe disabling sysctl will be the quick and |
| 13 |
proper fix. |
| 14 |
-- |
| 15 |
gentoo-hardened@g.o mailing list |
Archives