Tales from the Kernel Parameter Side (opens in new tab)

(sysdig.com)

38 pointsMiguelHzBz3y ago7 comments

7 comments

Some of the descriptions of sysctl parameters are mixed up and wrong:

  kernel.core_uses_pid  Block USB devices
  kernel.ctrl-alt-del   Disable access to dmesg for unprivileged users
  kernel.dmesg_restrict Disable kexec to prevent kernel livepatching
  kernel.kptr_restrict  Restrict access to kernel logs

The official documentation for /proc/sys and sysctl settings is here: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/in...

The article seems to mostly exist to be a showcase for Falco, which apparently is some sort of file change security monitor.

nerdponx3y ago

The official docs are surprisingly friendly and helpful! This is a great demonstration of the value of reference docs beyond whatever is in the source code.

anderspitman3y ago

I've been playing with QEMU a lot lately. Early on I encountered a fairly fundamental problem: how do you pass arbitrary data to a booting Linux system? I ended up discovering fw_cfg[0], but it feels pretty janky for this purpose and didn't seem to work for larger files like executables. Anyone aware of a better way?

[0]: https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-f...

nrclark3y ago

This isn't a perfect approach, but I've had pretty decent results with QEMU's virtfs for passing data into a QEMU VM (assuming your guest kernel is compiled with support for it).

QEMU's -virtfs option maps a folder on your host to a virtual filesystem. Inside your guest, you can mount the filesystem (assuming your kernel has CONFIG_NET_9P and CONFIG_NET_9P_VIRTIO enabled) and use it however you want.

anderspitman3y ago

Unfortunately I need to support Windows hosts. I believe there's a patch in the works to add support, but it hasn't landed yet.

10000truths3y ago

You can hook up the virtual serial port to stdin/stdout of the host by passing `-serial stdio` or `-nographic` in the QEMU args. You can then read from/write to the serial port in the VM.

bombela3y ago

Update the grub config directly. You can probably mount /boot from the outside?

j / k navigate · click thread line to collapse

7 comments

teddyh3y ago

Some of the descriptions of sysctl parameters are mixed up and wrong:

  kernel.core_uses_pid  Block USB devices
  kernel.ctrl-alt-del   Disable access to dmesg for unprivileged users
  kernel.dmesg_restrict Disable kexec to prevent kernel livepatching
  kernel.kptr_restrict  Restrict access to kernel logs

The official documentation for /proc/sys and sysctl settings is here: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/in...

The article seems to mostly exist to be a showcase for Falco, which apparently is some sort of file change security monitor.

nerdponx3y ago

The official docs are surprisingly friendly and helpful! This is a great demonstration of the value of reference docs beyond whatever is in the source code.

anderspitman3y ago

[0]: https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-f...

nrclark3y ago

This isn't a perfect approach, but I've had pretty decent results with QEMU's virtfs for passing data into a QEMU VM (assuming your guest kernel is compiled with support for it).

anderspitman3y ago

Unfortunately I need to support Windows hosts. I believe there's a patch in the works to add support, but it hasn't landed yet.

10000truths3y ago

You can hook up the virtual serial port to stdin/stdout of the host by passing `-serial stdio` or `-nographic` in the QEMU args. You can then read from/write to the serial port in the VM.

bombela3y ago

Update the grub config directly. You can probably mount /boot from the outside?

j / k navigate · click thread line to collapse