You are viewing documentation for version 1.25.x. The most current version is 1.49.x.  This documentation is available for 1.49.x.

kernel

Settings related to the Linux kernel (settings.kernel.*)

Setting list for settings.kernel

Full Reference

settings.kernel.lockdown

Sets the mode for the lockdown Linux security module.

Default: integrity except for nvidia and dev variant flavours which use none

Accepted values:
  • confidentiality : blocks most methods of reading kernel memory from userspace. Tools that rely on reading kernel memory may not work in this mode.
  • integrity : blocks most methods for overwriting kernel memory or modifying kernel code. This mode prevents unsigned kernel modules from loading.
  • none : disables protection by the Lockdown security module.
Also see: 

settings.kernel.modules.<name>.allowed

Allows (true) or disallows (false) the loading of kernel module <name>.

Accepted values:
  • true
  • false
[settings.kernel.modules.sctp]
allowed = false

[settings.kernel.modules.udf]
allowed = true

apiclient set settings.kernel.modules.sctp.allowed=false

apiclient set settings.kernel.modules.udf.allowed=true
Also see: 

settings.kernel.modules.<name>.autoload

If true, the kernel <name> module loads automatically on boot.

Accepted values:
  • true
  • false
[settings.kernel.modules.ip_vs_lc]
allowed = true
autoload = true

apiclient set settings.kernel.modules.ip_vs_lc.allowed=true settings.kernel.modules.ip_vs_lc.autoload=true
Also see: 

settings.kernel.sysctl

Sets kernel parameters.

[settings.kernel.sysctl]
"user.max_user_namespaces" = "16384"
"vm.max_map_count" = "262144"
Also see: