Feature request: support kexec
This issue is a product of an IRC discussion at 2022-07-14 09:30:00 CEST
Related: #8400 (closed)
Feature
Enable the kexec syscall, such that users may quickly reboot their machines without going through POST and bootloader.
Considerations
kexec is a system call that is used to boot another kernel during runtime. This functionality can be abused to load a malicious kernel and gain arbitrary code execution in kernel mode, so this sysctl disables it.
Linux Hardening Guide | Madaidan's Insecurities, 2022-03-19
Requirements
-
Ship package kexec-tools -
Enable CONFIG_KEXEC=y
inlts.*.config
-
Figure out a good, reliable way of having kexec off by default but togglable without recompiling kernel. (@ncopa's suggested patch)