diff options
| author |   klondike <klondike@xiscosoft.es> | 2010-12-27 01:45:12 +0100 |
|---|---|---|
| committer | klondike <klondike@xiscosoft.es> | 2010-12-27 01:45:12 +0100 |
| commit | a111eb4d88394210be06e830330041609d7d9355 (patch) | |
| tree | 99a8cffb532070684febfb5dd81b58664f10fb22 /xml/hardenedfaq.xml | |
| parent | Adding blueness suggestions to the FAQ (diff) | |
| download | hardened-docs-a111eb4d88394210be06e830330041609d7d9355.tar.gz hardened-docs-a111eb4d88394210be06e830330041609d7d9355.tar.bz2 hardened-docs-a111eb4d88394210be06e830330041609d7d9355.zip | |
Adding PaX boot parameters
Diffstat (limited to 'xml/hardenedfaq.xml')
| -rw-r--r-- | xml/hardenedfaq.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/xml/hardenedfaq.xml b/xml/hardenedfaq.xml index ae5c08d..c397440 100644 --- a/xml/hardenedfaq.xml +++ b/xml/hardenedfaq.xml @@ -523,6 +523,34 @@ hooks. </body> </section> + +<section id="paxbootparams"> +<title>Can I disable PaX features at boot?</title> +<body> + +<p> +Although this is not advised except when used to rescue the system or for +debugging purposes, it is posible to change a few of PaX behaviours on boot via +the kernel command line. +</p> + +<p> +Passing <c>pax_nouderef</c> in the kernel cmdline will disable uderef which can +cause problems on certain virtualization environments and cause some bugs (at +times) at the expense leaving the kernel unprotected against unwanted userspace +dereferences. +</p> + +<p> +Passing <c>pax_softmode=1</c> in the kernel cmdline will enable the softmode +which can be useful when booting a not prepared system with a PaX kernel. In +soft mode PaX will disable most features by default unless told otherwise via +the markings. In a similar way, <c>pax_softmode=0</c> will disable the softmode +if it was enabled in the config. +</p> + +</body> +</section> </chapter> <chapter> |