Tales from the Kernel Parameter Side
sysdig.comSome of the descriptions of sysctl parameters are mixed up and wrong:
kernel.core_uses_pid Block USB devices
kernel.ctrl-alt-del Disable access to dmesg for unprivileged users
kernel.dmesg_restrict Disable kexec to prevent kernel livepatching
kernel.kptr_restrict Restrict access to kernel logs
The article seems to mostly exist to be a showcase for Falco, which apparently is some sort of file change security monitor.
The official docs are surprisingly friendly and helpful! This is a great demonstration of the value of reference docs beyond whatever is in the source code.
I've been playing with QEMU a lot lately. Early on I encountered a fairly fundamental problem: how do you pass arbitrary data to a booting Linux system? I ended up discovering fw_cfg[0], but it feels pretty janky for this purpose and didn't seem to work for larger files like executables. Anyone aware of a better way?
[0]: https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-f...
This isn't a perfect approach, but I've had pretty decent results with QEMU's virtfs for passing data into a QEMU VM (assuming your guest kernel is compiled with support for it).
QEMU's -virtfs option maps a folder on your host to a virtual filesystem. Inside your guest, you can mount the filesystem (assuming your kernel has CONFIG_NET_9P and CONFIG_NET_9P_VIRTIO enabled) and use it however you want.
Unfortunately I need to support Windows hosts. I believe there's a patch in the works to add support, but it hasn't landed yet.
You can hook up the virtual serial port to stdin/stdout of the host by passing `-serial stdio` or `-nographic` in the QEMU args. You can then read from/write to the serial port in the VM.
Update the grub config directly. You can probably mount /boot from the outside?