[HN Gopher] Tales from the Kernel Parameter Side
       ___________________________________________________________________
        
       Tales from the Kernel Parameter Side
        
       Author : MiguelHzBz
       Score  : 25 points
       Date   : 2022-11-04 07:52 UTC (1 days ago)
        
 (HTM) web link (sysdig.com)
        
       | teddyh wrote:
       | Some of the descriptions of sysctl parameters are mixed up and
       | wrong:
       | 
       |   kernel.core_uses_pid   Block USB devices
       |   kernel.ctrl-alt-del    Disable access to dmesg for unprivileged users
       |   kernel.dmesg_restrict  Disable kexec to prevent kernel livepatching
       |   kernel.kptr_restrict   Restrict access to kernel logs
       | 
       | The _official_ documentation for /proc/sys and sysctl settings
       | is here:
       | https://www.kernel.org/doc/html/latest/admin-guide/sysctl/in...
       | 
       | The article seems to mostly exist to be a showcase for Falco,
       | which apparently is some sort of file change security monitor.
        
         | nerdponx wrote:
         | The official docs are surprisingly friendly and helpful! This
         | is a great demonstration of the value of reference docs beyond
         | whatever is in the source code.
        
       | anderspitman wrote:
       | I've been playing with QEMU a lot lately. Early on I encountered
       | a fairly fundamental problem: how do you pass arbitrary data to a
       | booting Linux system? I ended up discovering fw_cfg[0], but it
       | feels pretty janky for this purpose and didn't seem to work for
       | larger files like executables. Anyone aware of a better way?
       | 
       | [0]: https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-f...
        
         | bombela wrote:
         | Update the grub config directly. You can probably mount /boot
         | from the outside?
        
         | nrclark wrote:
         | This isn't a perfect approach, but I've had pretty decent
         | results with QEMU's virtfs for passing data into a QEMU VM
         | (assuming your guest kernel is compiled with support for it).
         | 
         | QEMU's -virtfs option maps a folder on your host to a virtual
         | filesystem. Inside your guest, you can mount the filesystem
         | (assuming your kernel has CONFIG_NET_9P and
         | CONFIG_NET_9P_VIRTIO enabled) and use it however you want.
        
           | anderspitman wrote:
           | Unfortunately I need to support Windows hosts. I believe
           | there's a patch in the works to add support, but it hasn't
           | landed yet.
        
       ___________________________________________________________________
       (page generated 2022-11-05 23:01 UTC)