@@ -46,6 +46,60 @@ want to remove the default kernel packages, use
4646you will be able to remove the packages with
4747[ xbps-remove(1)] ( https://man.voidlinux.org/xbps-remove.1 ) .
4848
49+ ## cmdline
50+
51+ The kernel, the initial RAM disk (initrd) and some system programs can be
52+ configured at boot by kernel command line arguments. The parameters understood
53+ by the kernel are explained in the [ kernel-parameters
54+ documentation] ( https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html )
55+ and by [ bootparam(7)] ( https://man.voidlinux.org/bootparam.7 ) . Parameters
56+ understood by dracut can be found in
57+ [ dracut.cmdline(7)] ( https://man.voidlinux.org/dracut.cmdline.7 ) .
58+
59+ Once the system is booted, the current kernel command line parameters can be
60+ found in the ` /proc/cmdline ` file. Some system programs can change their
61+ behavior based on the parameters passed in the command line, which is what
62+ happens when [ booting a different
63+ runsvdir] ( ./services/index.md#booting-a-different-runsvdir ) , for example.
64+
65+ There are different ways of setting these parameters, some of which are
66+ explained below.
67+
68+ ### GRUB
69+
70+ Kernel command line arguments can be added through the GRUB bootloader by
71+ editing ` /etc/default/grub ` , changing the ` GRUB_CMDLINE_LINUX_DEFAULT ` variable
72+ and then running ` update-grub ` .
73+
74+ ### dracut
75+
76+ Dracut can be configured to add additional command line arguments to the kernel
77+ through a configuration file. The documentation for dracut's configuration files
78+ can be found in [ dracut.conf(5)] ( https://man.voidlinux.org/dracut.conf.5 ) . To
79+ apply these changes, it is necessary to [ regenerate] ( #kernel-hooks ) the
80+ initramfs.
81+
82+ ## Kernel hardening
83+
84+ Void Linux ships with some kernel security options enabled by default. This was
85+ originally provided by kernel command line arguments ` slub_debug=P page_poison=1 ` ,
86+ but since kernel series 5.3, these have been replaced with ` init_on_alloc ` and
87+ ` init_on_free ` (see [ this commit] ( https://github.com/torvalds/linux/commit/6471384af ) ).
88+
89+ Void's kernels come with the ` init_on_alloc ` option enabled by default where
90+ available (i.e. ` linux5.4 ` and greater). In most cases you should usually not
91+ disable it, as it has a fairly minimal impact on performance (within 1%). The
92+ ` init_on_free ` option is more expensive (around 5% on average) and needs to be
93+ enabled manually by passing ` init_on_free=1 ` on the kernel command line. If you
94+ need to disable ` init_on_alloc ` , you can do that similarly by passing
95+ ` init_on_alloc=0 ` .
96+
97+ There is a chance that your existing system still has the old options enabled.
98+ They still work in newer kernels, but have a performance impact more in line
99+ with ` init_on_free=1 ` . On older hardware this can be quite noticeable. If you
100+ are running a kernel series older than 5.4, you can keep them (or add them)
101+ for extra security at the cost of speed; otherwise you should remove them.
102+
49103## Kernel modules
50104
51105Kernel modules are typically drivers for devices or filesystems.
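Review bot: The last paragraph of Kernel hardening (new lines 97-101) tells readers to remove the old `slub_debug=P page_poison=1` options but not where to look for them. Since the cmdline section now sits directly above, say so explicitly: check `/proc/cmdline` for the running values and `GRUB_CMDLINE_LINUX_DEFAULT` in `/etc/default/grub` (or the dracut configuration) for where they are set, then run `update-grub` or regenerate the initramfs as described there. Two smaller points in the same section: new line 86 says the replacement happened in "kernel series 5.3" while new lines 90 and 100 draw the line at 5.4, so a sentence on why 5.3 is not covered (or a consistent cutoff) would avoid confusion; and "In most cases you should usually not disable it" at new line 90 is redundant, pick either "in most cases" or "usually".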
@@ -139,36 +193,3 @@ available modules can be listed by searching for `dkms` in the package
139193repositories.
140194
141195DKMS build logs are available in ` /var/lib/dkms/ ` .
142-
143- ## cmdline
144-
145- The kernel, the initial RAM disk (initrd) and some system programs can be
146- configured at boot by kernel command line arguments. The parameters understood
147- by the kernel are explained in the [ kernel-parameters
148- documentation] ( https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html )
149- and by [ bootparam(7)] ( https://man.voidlinux.org/bootparam.7 ) . Parameters
150- understood by dracut can be found in
151- [ dracut.cmdline(7)] ( https://man.voidlinux.org/dracut.cmdline.7 ) .
152-
153- Once the system is booted, the current kernel command line parameters can be
154- found in the ` /proc/cmdline ` file. Some system programs can change their
155- behavior based on the parameters passed in the command line, which is what
156- happens when [ booting a different
157- runsvdir] ( ./services/index.md#booting-a-different-runsvdir ) , for example.
158-
159- There are different ways of setting these parameters, some of which are
160- explained below.
161-
162- ### GRUB
163-
164- Kernel command line arguments can be added through the GRUB bootloader by
165- editing ` /etc/default/grub ` , changing the ` GRUB_CMDLINE_LINUX_DEFAULT ` variable
166- and then running ` update-grub ` .
167-
168- ### dracut
169-
170- Dracut can be configured to add additional command line arguments to the kernel
171- through a configuration file. The documentation for dracut's configuration files
172- can be found in [ dracut.conf(5)] ( https://man.voidlinux.org/dracut.conf.5 ) . To
173- apply these changes, it is necessary to [ regenerate] ( #kernel-hooks ) the
174- initramfs.
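Review bot: Check that the links still resolve after the move. The block deleted at old lines 143-174 contains an in-page link (`#kernel-hooks`) and a relative link (`./services/index.md#booting-a-different-runsvdir`). The text matches new lines 49-80 word for word, so the `## cmdline` heading and its anchor are unchanged, but any other page that describes this section by its position in the file (for example "at the end of the kernel page") would now be wrong. It would also help to state in the commit message that this is a pure move plus the new Kernel hardening section, so reviewers do not have to compare the two blocks by hand.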