Why sysrq is limited to only "sync" command on official fedora kernel?

Lennart Poettering mzerqung at 0pointer.de
Wed Feb 25 17:29:24 UTC 2015


On Wed, 25.02.15 11:16, Chris Adams (linux at cmadams.net) wrote:

> Once upon a time, Lennart Poettering <mzerqung at 0pointer.de> said:
> > We generally default "secure". The thing is that with sysrq you can
> > kill arbitrary processes if you have acecss to the console, and other
> > things, and that's just too security sensitive.
> 
> There are other useful things, like sync, remount read-only, reboot,
> poweroff, that we already allow console users to do other ways by
> default.  Allowing them to do them through SysRq seems like a good idea
> IMHO.

Hmm? Syncing is allowed to my knowledge. C-a-d and gdm allow a clean
reboot/poweroff. But sysrq does an abnormal reboot/poweroff, which we
cannot allow. Similar, remounting read-only is also security senstive,
which we cannot allow.

Without being logged in there's very little you can do on a host right
now, and sysrq should not open up more there by default.

Lennart

-- 
Lennart Poettering, Red Hat


More information about the devel mailing list