Then we need to update at same time debug-misc + documentation.
Have you tested that? A number of software uses databases behind the scenes like mediawiki and discourse and bringing them to a crawl would destroy the usecase. Some IM clients use dbs too.
As long as documented then at least they will have a clue what needs to be done.
What do you think?
This one is fine.
kernel.perf_event_paranoid=3 requires a kernel patch but some distros (such as Debian) includes this by default. If the patch isn’t used then it’ll be the same as setting it to 2.
Interesting tool, anything that can contributed to it?
Was posted here: kernel recompilation for better hardening
That comment needs an update.
debian bug report: Please reconsider enabling the user namespaces by default
It seems that next debian version will have unpriv user ns by default.
Related to Linux kernel user namespaces:
kernel.unprivileged_userns_clone=1 in Debian
bullseye and above.
bubblewrap will be no longer suid by default.
What do we do with
apt-cache show security-misc, potentially packages.debian.org APT package repository web interface for deb.whonix.org) and
debian/control so it doesn’t have to be duplicated? Delete / avoid creation of
I think it should just contain a basic description and a link to the Github repository for more detailed information.