Some of the descriptions of sysctl parameters are mixed up and wrong:
kernel.core_uses_pid Block USB devices
kernel.ctrl-alt-del Disable access to dmesg for unprivileged users
kernel.dmesg_restrict Disable kexec to prevent kernel livepatching
kernel.kptr_restrict Restrict access to kernel logs
The official docs are surprisingly friendly and helpful! This is a great demonstration of the value of reference docs beyond whatever is in the source code.
I've been playing with QEMU a lot lately. Early on I encountered a fairly fundamental problem: how do you pass arbitrary data to a booting Linux system? I ended up discovering fw_cfg[0], but it feels pretty janky for this purpose and didn't seem to work for larger files like executables. Anyone aware of a better way?
This isn't a perfect approach, but I've had pretty decent results with QEMU's virtfs for passing data into a QEMU VM (assuming your guest kernel is compiled with support for it).
QEMU's -virtfs option maps a folder on your host to a virtual filesystem. Inside your guest, you can mount the filesystem (assuming your kernel has CONFIG_NET_9P and CONFIG_NET_9P_VIRTIO enabled) and use it however you want.
You can hook up the virtual serial port to stdin/stdout of the host by passing `-serial stdio` or `-nographic` in the QEMU args. You can then read from/write to the serial port in the VM.
The article seems to mostly exist to be a showcase for Falco, which apparently is some sort of file change security monitor.