Documentation Disabling Some Patches
Some patches might affect the work of the system, and we created a way to disable them.
This is done via sysctl command.
When new patchset loads, KernelCare sysctl options get reset. To prevent that we added a file:
/etc/sysconfig/kcare/sysctl.conf
Options in this file will be loaded automatically on new patchset load.
To disable loading this options, specify:
LOAD_KCARE_SYSCTL=0 in /etc/sysconfig/kcare/kcare.conf
To disable the patch, set the corresponding kcare option to 1.
Patches that can be disabled:
| Patch | sysctl option |
| CVE-2015-5157 | kcare_modify_ldt |
