On Thu, May 19, 2022 at 03:15:16AM -0000, Hellosway Here via devel wrote: > Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none ` as default kernel command line arguments. This can help prevent local exploits by making it harder to exploit the kernel. I do not think there will be any breakage, I have been using these for a long time. The performance impact is minimal, a few of these can improve performance. I don't know much about the other options, but vsyscalls=off can have a significant impact on performance of applications that frequently read the system clock. The whole point of that feature is performance. -- Miroslav Lichvar _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
