Some patches might affect the work of the system, and we created a way to disable them.
This is done via sysctl
command.
When new patchset loads, KernelCare sysctl options get reset. To prevent that we added a file:
/etc/sysconfig/kcare/sysctl.conf
Options in this file will be loaded automatically on new patchset load.
To disable loading this options, specify:
LOAD_KCARE_SYSCTL=0
in /etc/sysconfig/kcare/kcare.conf
To disable the patch, set the corresponding kcare option to 1
.
Patches that can be disabled:
Patch | sysctl option |
CVE-2015-5157 | kcare_modify_ldt |