Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none ` as default kernel command line arguments. This can help prevent local exploits by making it harder to exploit the kernel. I do not think there will be any breakage, I have been using these for a long time. The performance impact is minimal, a few of these can improve performance.
This can help increase the security of Fedora, while also not causing any other problems. Many users do not know what kernel command line arguments are, so doing this will help them with the security of their system. This does not address every problem, or even most of them, but every little bit matters. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
