1 # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
2 kernel.kptr_restrict = 2
4 # Avoid kernel memory address exposures via dmesg.
5 kernel.dmesg_restrict = 1
7 # Improve KASLR effectiveness for mmap.
9 vm.mmap_rnd_compat_bits = 16