Why sysrq is limited to only "sync" command on official fedora kernel?
mzerqung at 0pointer.de
Wed Feb 25 17:12:09 UTC 2015
On Wed, 25.02.15 18:05, Ali AlipourR (alipoor90 at gmail.com) wrote:
> >> Why sysrq is limited to only "sync" command on official fedora kernel?
> > The kernel itself isn't limited. It's just set that way in
> > /usr/lib/sysctl.d/50-default.conf which is provided by systemd. You
> > can edit that file, create your own in /etc/sysctrl.d/, or (as root)
> > set it to whatever you would like via /proc/sys/kernel/sysrq.
> Of course it can be changed at runtime, but I mean why official fedora
> kernel shouldn't be configured to allow all (or at least a wider
> subset) of sysrq commands by default?
We generally default "secure". The thing is that with sysrq you can
kill arbitrary processes if you have acecss to the console, and other
things, and that's just too security sensitive.
> This way official fedora live CDs are unsuitable for system recovery
> tasks; you have to change sysrq value every time you use live CDs or
> build your own live CD.
I figure for livecds it would be fine to override this.
Lennart Poettering, Red Hat
More information about the devel