No, in fact I want to kill that sysctl eventually, perhaps couple this with securelevel=0, and never allow it otherwise.
The days of kernel memory snooping are OVER. > acpidump(8) wants kern.allowkmem. > Does it make sense to put that into examples sysctl.conf? > > Jan > > Index: sysctl.conf > =================================================================== > RCS file: /cvs/src/etc/examples/sysctl.conf,v > retrieving revision 1.4 > diff -u -p -r1.4 sysctl.conf > --- sysctl.conf 3 Apr 2015 15:50:28 -0000 1.4 > +++ sysctl.conf 22 May 2017 11:58:27 -0000 > @@ -33,4 +33,5 @@ > #kern.nosuidcoredump=3 # 3=Put suid coredumps in > /var/crash/progname > #kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if > available > #kern.watchdog.auto=0 # 0=Disable automatic watchdog(4) > retriggering > +#kern.allowkmem=1 # 1=Allow e.g. acpidump to open /dev/kmem > #hw.allowpowerdown=0 # 0=Disable power button shutdown >
