[systemd-devel] [PATCH] Split sysctl 50-default.conf setting file
Goffredo Baroncelli
kreijack at libero.it
Mon Dec 2 12:15:37 PST 2013
Hi all,
currently systemd contains a sysctl default setting in a file called
50-default.conf.
The aim of this patch is to split the content of the sysctl settings into
more files to allow a more selective override.
My need is to enable all the sysrq keys. Instead, the systemd default is to
disallow all sysrq keys except the sync one [1].
To do that, I would have to override the sysctl file
/usr/lib/sysctl.d/50-default.conf,
putting a file with the same name in
/etc/sysctl.d.
However, this file contains other settings than the one which I want to
override, so I would lose any update of these other settings made by
upstream.
With this patch I am able to override only the setting related to the sysrq.
Please apply.
BR
G.Baroncelli
[1] For the record, I am against this kind of setting. I opened a bug
in Debian (#725422), but it was suggested that I send a patch to upstream.
Of course it is within systemd's rights to set whatever default it thinks sane.
Signed-off-by: Goffredo Baroncelli <kreijack at inwind.it>
---
Makefile.am | 4 +++-
sysctl.d/50-coredump.conf.in | 3 +++
sysctl.d/50-default.conf | 24 ------------------------
sysctl.d/50-default_fs.conf | 12 ++++++++++++
sysctl.d/50-default_kernel_sysrq.conf | 26 ++++++++++++++++++++++++++
sysctl.d/50-default_net.conf | 14 ++++++++++++++
6 files changed, 58 insertions(+), 25 deletions(-)
delete mode 100644 sysctl.d/50-default.conf
create mode 100644 sysctl.d/50-default_fs.conf
create mode 100644 sysctl.d/50-default_kernel_sysrq.conf
create mode 100644 sysctl.d/50-default_net.conf
diff --git a/Makefile.am b/Makefile.am
index 90874df..95087c6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -357,7 +357,9 @@ dist_zshcompletion_DATA = \
shell-completion/zsh/_systemd
dist_sysctl_DATA = \
- sysctl.d/50-default.conf
+ sysctl.d/50-default_kernel_sysrq.conf \
+ sysctl.d/50-default_net.conf \
+ sysctl.d/50-default_fs.conf
dist_systemunit_DATA = \
units/graphical.target \
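Review bot: the three names added to dist_sysctl_DATA mix "-" and "_" (50-default_kernel_sysrq.conf), while the other sysctl file touched by this patch is plainly named 50-coredump.conf.in. Consider names in that style, for example 50-sysrq.conf, 50-net.conf and 50-fs.conf, so the file name an admin has to match in /etc/sysctl.d stays short and predictable.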
diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in
index d5795a3..1db1047 100644
--- a/sysctl.d/50-coredump.conf.in
+++ b/sysctl.d/50-coredump.conf.in
@@ -8,3 +8,6 @@
# See sysctl.d(5) and core(5) for for details.
kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %p %u %g %s %t %e
+
+# Append the PID to the core filename
+kernel.core_uses_pid = 1
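Review bot: kernel.core_uses_pid is added directly under a core_pattern that pipes to systemd-coredump and already passes %p, so the comment "Append the PID to the core filename" does not describe anything this file produces. The setting came from 50-default.conf, and the commit message does not mention the move; if this .in template is only installed on builds with coredump support (not visible in this patch), other builds silently lose the setting. Either keep it in one of the new default files or explain in the message why it belongs here. The added line also writes " = " where the existing core_pattern line uses "=" without spaces.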
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
deleted file mode 100644
index 46bae21..0000000
--- a/sysctl.d/50-default.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-# See sysctl.d(5) and core(5) for for details.
-
-# System Request functionality of the kernel (SYNC)
-kernel.sysrq = 16
-
-# Append the PID to the core filename
-kernel.core_uses_pid = 1
-
-# Source route verification
-net.ipv4.conf.default.rp_filter = 1
-
-# Do not accept source routing
-net.ipv4.conf.default.accept_source_route = 0
-
-# Enable hard and soft link protection
-fs.protected_hardlinks = 1
-fs.protected_symlinks = 1
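Review bot: deleting 50-default.conf changes behaviour for hosts that already carry an /etc/sysctl.d/50-default.conf override, the mechanism the cover text describes. After this patch that file shadows nothing, and because "." sorts before "_" the new 50-default_*.conf files are read after it, so the vendor values for kernel.sysrq, rp_filter, accept_source_route and the link protections win over the admin's. This needs at least a note in the commit message and NEWS telling people to rename their override, or the new files should get names that sort before 50-default.conf.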
diff --git a/sysctl.d/50-default_fs.conf b/sysctl.d/50-default_fs.conf
new file mode 100644
index 0000000..a2e7eb4
--- /dev/null
+++ b/sysctl.d/50-default_fs.conf
@@ -0,0 +1,12 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See sysctl.d(5) for for details.
+
+# Enable hard and soft link protection
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1
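Review bot: the header line "# See sysctl.d(5) for for details." carries the doubled "for" over from the removed file. Fix it in the new file rather than propagating it.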
diff --git a/sysctl.d/50-default_kernel_sysrq.conf
b/sysctl.d/50-default_kernel_sysrq.conf
new file mode 100644
index 0000000..a848745
--- /dev/null
+++ b/sysctl.d/50-default_kernel_sysrq.conf
@@ -0,0 +1,26 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See sysctl.d(5) for for details.
+
+# From Documentation/sysrq.txt: possible value to control which sysrq
+# could be invoked from keyboard
+#
+# 0 - disable sysrq completely
+# 1 - enable all functions of sysrq
+# >1 - bitmask of allowed sysrq functions (see below for detailed function
+# description):
+# 2 - enable control of console logging level
+# 4 - enable control of keyboard (SAK, unraw)
+# 8 - enable debugging dumps of processes etc.
+# 16 - enable sync command
+# 32 - enable remount read-only
+# 64 - enable signalling of processes (term, kill, oom-kill)
+# 128 - allow reboot/poweroff
+# 256 - allow nicing of all RT tasks
+
+kernel.sysrq = 16 # only enable sync command
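Review bot: the last line puts a comment after the value ("kernel.sysrq = 16 # only enable sync command"). sysctl.d(5) only describes lines whose first non-whitespace character is "#" or ";" as comments, so the trailing text may be taken as part of the value. The removed file had the comment on its own line above the setting; keep that form here. The header line also repeats the "for for" typo.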
diff --git a/sysctl.d/50-default_net.conf b/sysctl.d/50-default_net.conf
new file mode 100644
index 0000000..7459a23
--- /dev/null
+++ b/sysctl.d/50-default_net.conf
@@ -0,0 +1,14 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See sysctl.d(5) for for details.
+
+# Source route verification
+net.ipv4.conf.default.rp_filter = 1
+
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
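Review bot: rp_filter and accept_source_route still share one file, so an admin who wants to change only one of them has to shadow 50-default_net.conf as a whole and loses upstream updates to the other, which is the problem the cover text gives as the reason for the split. Either say in the commit message that the intended granularity is per subsystem, or give each setting its own file as was done for sysrq.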
--
1.8.5

--
gpg @keyserver.linux.it: Goffredo Baroncelli (kreijackATinwind.it>
Key fingerprint BBF5 1610 0B64 DAC6 5F7D 17B2 0EDA 9B37 8B82 E0B5