{{Header}} {{title|title= panic-on-oops }} {{#seo: |description=Configure kernel panic behavior on oopses and warnings using panic-on-oops.service. }} {{kernel_mininav}} {{intro| panic-on-oops configures kernel behavior to panic on both kernel oopses and kernel warnings (WARN() path) by setting sysctl values late in the boot process using panic-on-oops.service. }} = Introduction = * What it does: panic-on-oops is a security feature that forces a reboot when the system’s kernel reports a serious problem, instead of letting it keep running in an unknown state. * What triggers it: When enabled, the kernel is configured to immediately trigger a kernel panic when a kernel "oops" or certain kernel warnings occur. * What you will see: A kernel panic in this configuration results in a sudden, forced, unexpected reboot. * Why it is useful: This is usually helpful because it avoids running in a potentially unsafe or unreliable state. * Possible issues: In some cases, it can cause problems, such as reboots triggered by buggy drivers or hardware issues. * Testing: For troubleshooting or testing, you can temporarily disable panic-on-oops. After testing, it is recommended to re-enable it. = Usage = Select {{gui}} or {{cli}}. {{Tab |type=controller |linkid=panic-on-oops-usage |content= {{Tab |title= == GUI == |content= [[System Maintenance Panel]] provides a button Toggle Panic-on-Oops. It launches: * /usr/libexec/sysmaint-panel/toggle-panic-on-oops This toggle script checks: * systemctl is-enabled panic-on-oops.service * If enabled: Disables and stops panic-on-oops.service. * If disabled: Enables and starts panic-on-oops.service. A visual confirmation about the If enabled: status (on or off) will be shown. TODO: add a screenshot for off TODO: add a screenshot for on }} {{Tab |title= == CLI == |content= === Check status === {{IconSet|h1|1}} Check whether the service is enabled. {{CodeSelect|code= systemctl is-enabled panic-on-oops.service }} {{IconSet|h1|2}} Check whether the service is active. {{CodeSelect|code= systemctl is-active panic-on-oops.service }} {{IconSet|h1|3}} Done. Service enablement and runtime status have been checked. === Enable or disable using systemd === {{IconSet|h1|1}} Enable and start the service. {{CodeSelect|code= sudo systemctl enable panic-on-oops.service sudo systemctl start panic-on-oops.service }} {{IconSet|h1|2}} Disable and stop the service. {{CodeSelect|code= sudo systemctl disable panic-on-oops.service sudo systemctl stop panic-on-oops.service }} {{IconSet|h1|3}} Done. The service has been enabled or disabled using systemd. }} }} = Development =
Click "Learn More" on the right to show Development details.
== Overview == Kernel sysctl documentation for oops_limit and warn_limit: [https://docs.kernel.org/admin-guide/sysctl/kernel.html#oops-limit docs.kernel.org: kernel sysctl oops-limit] and [https://docs.kernel.org/admin-guide/sysctl/kernel.html#warn-limit docs.kernel.org: kernel sysctl warn-limit] The security-misc-shared package ships: * A helper script: /usr/libexec/security-misc/panic-on-oops * A systemd unit: /usr/lib/systemd/system/panic-on-oops.service * GRUB hardening configuration referencing panic-on-oops: /etc/default/grub.d/40_kernel_hardening.cfg When enabled and started, panic-on-oops.service runs the helper script to apply sysctl settings: * kernel.oops_limit=1 * kernel.warn_limit=1 These settings make the kernel panic on the first occurrence of an oops and on the first kernel warning (WARN() path). This can improve security in some threat models, but can also increase denial-of-service risk and may panic due to buggy drivers. In addition, security-misc-shared enables: * kernel.panic=-1 (from /usr/lib/sysctl.d/990-security-misc.conf) This causes an immediate reboot after a kernel panic. == Helper script == /usr/libexec/security-misc/panic-on-oops supports two actions: * enable * disable On enable it sets: * kernel.oops_limit=1 * kernel.warn_limit=1 On disable it sets: * kernel.oops_limit=0 * kernel.warn_limit=0 The script sources /usr/libexec/helper-scripts/pre.bsh if available, which can source configuration snippets from: * /etc/panic-on-oops_pre.d/*.conf * /usr/local/etc/panic-on-oops_pre.d/*.conf For example, debug-misc ships a config snippet: /etc/panic-on-oops_pre.d/40_debug-misc.conf with the contents: 
## Disable panic-on-oops by package security-misc-shared.
exit 0
This causes the helper script to exit successfully before applying sysctl settings, effectively disabling the behavior while leaving the service unit itself unchanged. == systemd service == /usr/lib/systemd/system/panic-on-oops.service: * Is a Type=oneshot service with RemainAfterExit=yes * Applies settings at start: ** ExecStart=/usr/libexec/security-misc/panic-on-oops enable * Reverts settings at stop: ** ExecStop=/usr/libexec/security-misc/panic-on-oops disable It also includes: ConditionKernelCommandLine=!panic-on-oops=0 Meaning: if the kernel command line contains panic-on-oops=0, the service will be skipped. == sysmaint-boot.target == The sysmaint session target file contains a commented line: #Wants=panic-on-oops.service This indicates that panic-on-oops.service could be started as part of sysmaint sessions, but it is intentionally commented out in the shipped configuration.
= References = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]