Update 60-custom.just.readme.md to identify command inclusion (#320)

identify which kargs are applied by which ujust commands
2025-12-24 22:37:05 +00:00 · 2024-07-19 10:32:45 -08:00
parent 34759e24d2
commit e536efadc7
1 changed files with 7 additions and 4 deletions
--- a/config/files/usr/share/ublue-os/just/60-custom.just.readme.md
+++ b/config/files/usr/share/ublue-os/just/60-custom.just.readme.md
@@ -1,3 +1,4 @@
+## Included in set-kargs-hardening

 **Zero newly allocated pages and heaps, mitigating use-after-free vulnerabilities**

@@ -23,10 +24,6 @@

 `vsyscall=none` 

-**Disable debugfs to prevent exposure of sensitive kernel information**
-
-`debugfs=off` 
-
 **Enable kernel lockdown in the strictest mode**

 `lockdown=confidentiality` 
@@ -65,6 +62,12 @@

 `mitigations=auto,nosmt` 

+## Included in set-kargs-hardening-unstable
+
 **Fill IOMMU protection gap by setting the busmaster bit during early boot**

 `efi=disable_early_pci_dma`
+
+**Disable debugfs to prevent exposure of sensitive kernel information**
+
+`debugfs=off`