You are viewing documentation for version 1.15.x.
The most current version is 1.26.x. This documentation is available for 1.26.x.
kernel
Settings related to the Linux kernel (settings.kernel.*)
Setting list for settings.kernel
Full Reference
settings.kernel.lockdown
Sets the mode for the lockdown Linux security module.
Warning
Changing this setting from confidentiality to integrity or integrity to none requires a reboot to take effect.
Default: integrity, except for nvidia and dev variant flavours, which use none
confidentiality: blocks most methods of reading kernel memory from userspace. Tools that rely on reading kernel memory may not work in this mode.
integrity: blocks most methods for overwriting kernel memory or modifying kernel code. This mode prevents unsigned kernel modules from loading.
none: disables protection by the Lockdown security module.
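The warning above means the configured mode and the mode the running kernel enforces can differ until the next reboot. The following is an added example, not part of the Bottlerocket documentation: a shell check that compares the two. It assumes the kernel's securityfs file /sys/kernel/security/lockdown is readable from where the script runs; the function names are hypothetical and the configured value is passed in by the caller.

```shell
#!/bin/sh
# Added example: compare the configured lockdown mode with the mode the
# running kernel reports. Function names are hypothetical.

# Print the active mode from a securityfs-style line such as
# "none [integrity] confidentiality" (the bracketed word is active).
active_lockdown() {
    sed -n 's/.*\[\([a-z]*\)].*/\1/p' "$1"
}

# Map a mode to its strictness rank; unknown modes return 1.
lockdown_rank() {
    case "$1" in
        none) echo 0 ;;
        integrity) echo 1 ;;
        confidentiality) echo 2 ;;
        *) return 1 ;;
    esac
}

# check_lockdown CONFIGURED FILE
# Prints in-sync, reboot-required (configured is weaker than active, the
# case the warning describes) or not-applied (configured is stricter).
check_lockdown() {
    want=$1
    have=$(active_lockdown "$2")
    want_rank=$(lockdown_rank "$want") || { echo "invalid-configured"; return 2; }
    have_rank=$(lockdown_rank "$have") || { echo "unreadable-active"; return 2; }
    if [ "$want_rank" -eq "$have_rank" ]; then
        echo "in-sync"
    elif [ "$want_rank" -lt "$have_rank" ]; then
        echo "reboot-required"; return 1
    else
        echo "not-applied"; return 1
    fi
}

# Stand-alone use: ./check.sh <configured-mode>
if [ -n "${1:-}" ] && [ -r /sys/kernel/security/lockdown ]; then
    check_lockdown "$1" /sys/kernel/security/lockdown || true
fi
```

A result of reboot-required on a node whose configuration was changed to a weaker mode indicates the stricter mode is still being enforced.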
settings.kernel.modules.<name>.allowed
Allows (true) or disallows (false) the loading of kernel module <name>.
Warning
This setting only affects loading of kernel modules at boot time. Changing the setting of an already loaded (running) kernel module to false has no effect until reboot.
true
false
[settings.kernel.modules.sctp]
allowed = false
[settings.kernel.modules.udf]
allowed = true
apiclient set settings.kernel.modules.sctp.allowed=false
apiclient set settings.kernel.modules.udf.allowed=true
settings.kernel.sysctl
Sets kernel parameters.
Note
Add quotes (") around keys, as they often contain dots (.), as well as around values.
[settings.kernel.sysctl]
"user.max_user_namespaces" = "16384"
"vm.max_map_count" = "262144"