#!/bin/bash

## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

set -e

if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then
   ## pre.bsh would `source` the following folders:
   ## /etc/panic-on-oops_pre.d/*.conf
   ## /usr/local/etc/panic-on-oops_pre.d/*.conf
   source /usr/libexec/helper-scripts/pre.bsh
fi

## Makes the kernel immediately panic on both oopses and warnings.
## These settings force a full system crash rather than continuing
## to run after an inconsistent state is triggered by a potentially
## flawed processes. The reasons for the errors could be kernel
## exploit attempts but may also simply be general software bugs.
##
## https://docs.kernel.org/admin-guide/sysctl/kernel.html#oops-limit
sysctl kernel.oops_limit=1
## https://docs.kernel.org/admin-guide/sysctl/kernel.html#warn-limit
sysctl kernel.warn_limit=1

## Makes the system immediately reboot on the occurrence of a single
## kernel panic. This reduces the risk and impact of denial-of-service
## attacks and both cold and warm boot attacks.
##
## https://docs.kernel.org/admin-guide/sysctl/kernel.html#panic
sysctl kernel.panic=-1
