Hello community, here is the log from the commit of package procps for openSUSE:Factory checked in at Mon May 30 09:27:32 CEST 2011.
-------- --- procps/procps.changes 2011-05-05 17:52:21.000000000 +0200 +++ /mounts/work_src_done/STABLE/procps/procps.changes 2011-05-18 11:44:39.000000000 +0200 @@ -1,0 +2,7 @@ +Tue May 17 14:42:31 UTC 2011 - [email protected] + +- load sysctls earlier (bnc#664550) +- move distro defaults to /lib/sysctl.d to avoid .rpmnew files +- enable IPv6 privacy by default (bnc#678066) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- procps-3.2.8-add-system-switch.diff procps-3.2.8-implement-pattern-option.diff procps-3.2.8-read-sysctls-also-from-boot-sysctl.conf-kernelversion.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ procps.spec ++++++ --- /var/tmp/diff_new_pack.rPGtPm/_old 2011-05-30 09:24:16.000000000 +0200 +++ /var/tmp/diff_new_pack.rPGtPm/_new 2011-05-30 09:24:16.000000000 +0200 @@ -27,7 +27,7 @@ PreReq: %fillup_prereq %insserv_prereq AutoReqProv: on Version: 3.2.8 -Release: 30 +Release: 33 Summary: ps utilities for /proc Provides: ps Obsoletes: ps @@ -73,6 +73,9 @@ Patch36: procps-3.2.8.dif # bnc #649501, apparently the initialization is depending on linking order... Patch37: procps-3.2.8-fix-unknown-HZ.dif +Patch38: procps-3.2.8-add-system-switch.diff +Patch39: procps-3.2.8-implement-pattern-option.diff +Patch40: procps-3.2.8-read-sysctls-also-from-boot-sysctl.conf-kernelversion.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -138,6 +141,9 @@ %patch35 -p1 %patch36 %patch37 -p1 +%patch38 -p1 +%patch39 -p1 +%patch40 -p1 %build make %{?_smp_mflags} CFLAGS="-Wall -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $RPM_OPT_FLAGS -pipe" \ 
@@ -150,10 +156,12 @@ install -d $RPM_BUILD_ROOT/etc/init.d $RPM_BUILD_ROOT/etc/xinetd.d install -m 755 %SOURCE1 $RPM_BUILD_ROOT/etc/init.d install -m 644 %SOURCE2 $RPM_BUILD_ROOT/etc/xinetd.d/systat +install -d $RPM_BUILD_ROOT/lib/sysctl.d $RPM_BUILD_ROOT/etc/sysctl.d +install -m 644 %SOURCE3 $RPM_BUILD_ROOT/lib/sysctl.d/sysctl.conf case "$RPM_ARCH" in -s390*) install -m 644 %SOURCE4 $RPM_BUILD_ROOT/etc/sysctl.conf ;; -*) install -m 644 %SOURCE3 $RPM_BUILD_ROOT/etc/sysctl.conf ;; +s390*) install -m 644 %SOURCE4 $RPM_BUILD_ROOT/lib/sysctl.d/sysctl-s390.conf ;; esac + # clean unwanted files (coreutils) rm -f $RPM_BUILD_ROOT/bin/kill rm -f $RPM_BUILD_ROOT/usr/bin/uptime @@ -168,6 +176,8 @@ %post %{fillup_and_insserv -ny boot.sysctl boot.sysctl} +# +test -e /etc/sysctl.conf || > /etc/sysctl.conf %postun %insserv_cleanup @@ -176,7 +186,7 @@ %defattr (-,root,root,755) %doc NEWS README COPYING %config /etc/init.d/boot.sysctl -%config(noreplace) /etc/sysctl.conf +%config(noreplace) %ghost %attr(0644,root,root) /etc/sysctl.conf %config(noreplace) /etc/xinetd.d/systat /bin/ps /bin/pgrep @@ -195,6 +205,9 @@ /usr/bin/vmstat /usr/bin/w /usr/bin/watch +%dir /etc/sysctl.d +%dir /lib/sysctl.d +/lib/sysctl.d/*.conf %_mandir/man1/free.1.gz %_mandir/man1/pgrep.1.gz %_mandir/man1/pkill.1.gz ++++++ boot.sysctl ++++++ --- /var/tmp/diff_new_pack.rPGtPm/_old 2011-05-30 09:24:16.000000000 +0200 +++ /var/tmp/diff_new_pack.rPGtPm/_new 2011-05-30 09:24:16.000000000 +0200 
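Review bot: On s390 the install step now places both `sysctl.conf` and `sysctl-s390.conf` in `/lib/sysctl.d`, where `%SOURCE4` used to replace `%SOURCE3`, so which file wins for a key set in both depends on read order. The `PreloadSystem()` loop added by `procps-3.2.8-add-system-switch.diff` walks each directory with `readdir()` and does no sorting, so that order is whatever the filesystem returns. If the s390 file is meant to override the generic defaults (its contents are not shown here), either sort the entries in the loader or state the constraint next to the `case`, e.g. `# sysctl-s390.conf must not set keys that sysctl.conf also sets: load order within the directory is unspecified`.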
@@ -1,51 +1,36 @@ #! /bin/sh # -# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany. All rights reserved. +# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany. +# Copyright (c) 2011 SUSE Linux Products GmbH Nuernberg, Germany. # # /etc/init.d/boot.sysctl # ### BEGIN INIT INFO # Provides: boot.sysctl -# Required-Start: boot.proc $local_fs -# Should-Start: setserial boot.isapnp -# Required-Stop: boot.proc $local_fs +# Required-Start: $null +# Should-Start: $null +# Required-Stop: $null # Should-Stop: $null # Default-Start: B # Default-Stop: -# Description: run sysctl with a given config file or create it +# Short-Description: Apply sysctl settings +# Description: Apply sysctl settings ### END INIT INFO -test -x /sbin/sysctl || exit 0 - . /etc/rc.status -. /etc/sysconfig/sysctl rc_reset case "$1" in start) - - # Load per-kernel defaults from /boot. This file is provided - # by the kernel package and will be replaced on update. - if test -e "/boot/sysctl.conf-$(uname -r)"; then - echo -n "Loading sysctl defaults from /boot/sysctl.conf-$(uname -r)" - sysctl -e -q -p /boot/sysctl.conf-$(uname -r) - rc_status -v -r - fi - # - # run sysctl if the config file exists - # otherwise generate it - # the values set here might be overridden by the settings - # in /etc/sysconfig/sysctl - # - if test ! -e /etc/sysctl.conf ; then - echo -n "Sysctl: no file /etc/sysctl.conf" - rc_failed 5 - else - echo -n "Setting current sysctl status from /etc/sysctl.conf" - sysctl -e -q -p /etc/sysctl.conf - fi + echo -n "Applying sysctl settings" + /sbin/sysctl -e -q --system rc_status -v -r + if [ -s /etc/sysconfig/sysctl -a -x /lib/aaa_base/convert_sysctl ]; then + echo -n " Warning: applying settings from obsolete /etc/sysconfig/sysctl" + /lib/aaa_base/convert_sysctl --stdout | sysctl -e -q -f - + rc_status -v -r + fi ;; stop) # skip / do nothing ++++++ procps-3.2.8-add-system-switch.diff ++++++ >From 45915cfc03fb82b68425445063a0bcebab1ff230 Mon Sep 17 00:00:00 2001 
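Review bot: The fallback branch pipes into a bare `sysctl` while the main call just above it uses `/sbin/sysctl`, and the `test -x /sbin/sysctl || exit 0` guard is gone, so the second invocation depends on whatever PATH the boot environment provides. With `Required-Start: $null` this script can run very early; using the absolute path in both places, `/lib/aaa_base/convert_sysctl --stdout | /sbin/sysctl -e -q -f -`, removes that dependency. The exit status of a pipeline is that of its last command, so the following `rc_status` presumably never sees a failing `convert_sysctl`.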
From: Ludwig Nussel <[email protected]> Date: Wed, 18 May 2011 08:16:39 +0200 Subject: [PATCH procps 1/3] add --system switch instead of requiring distributions to construct a loop around sysctl in boot scripts just scan a set of default directories if the --system switch is used. --- sysctl.c | 35 +++++++++++++++++++++++++++++++++++ 1 files changed, 35 insertions(+), 0 deletions(-) diff --git a/sysctl.c b/sysctl.c index 9be79ce..3445efe 100644 --- a/sysctl.c +++ b/sysctl.c @@ -453,6 +453,37 @@ static int Preload(const char *restrict const filename) { return rc; } +static int PreloadSystem(void) { + unsigned i; + const char* dirs[] = { + "/lib/sysctl.d", + "/usr/lib/sysctl.d", + "/usr/local/lib/sysctl.d", + "/etc/sysctl.d", + }; + for (i=0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) { + struct dirent* de; + DIR* dp = opendir(dirs[i]); + if (!dp) + continue; + while (( de = readdir(dp) )) { + char buf[PATH_MAX]; + if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) { + continue; + } + if (strlen(de->d_name) < 6 || !strcmp(de->d_name+strlen(de->d_name)-6, ".conf")) + continue; + snprintf(buf, sizeof(buf), "%s/%s", dirs[i], de->d_name); + if (!Quiet) + printf("* Applying %s ...\n", buf); + Preload(buf); + } + closedir(dp); + } + if (!Quiet) + printf("* Applying %s ...\n", DEFAULT_PRELOAD); + return Preload(DEFAULT_PRELOAD); +} /* @@ -488,6 +519,10 @@ int main(int argc, char *argv[]) { fprintf(stdout, "sysctl (%s)\n",procps_version); exit(0); } + if (!strcmp("--system",*argv)) { + IgnoreError = true; + return PreloadSystem(); + } fprintf(stderr, ERR_UNKNOWN_PARAMETER, *argv); return Usage(me); } -- 1.7.3.4 ++++++ procps-3.2.8-implement-pattern-option.diff ++++++ >From b73ff507f616c74ac94e7b1bef2ce51fa9bb2806 Mon Sep 17 00:00:00 2001 
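Review bot: The suffix filter in `PreloadSystem()` never rejects anything by extension: `".conf"` is five characters but the comparison starts six characters from the end, so `strcmp` can never return 0, and the `!strcmp(...)` sense is inverted on top of that. As written, every entry whose name is at least six characters long is handed to `Preload()`, including leftovers such as `.rpmsave`, `.rpmnew` or editor backup files in the sysctl.d directories, which then set kernel parameters at boot. I would write `size_t len = strlen(de->d_name);` followed by `if (len < 6 || strcmp(de->d_name + len - 5, ".conf") != 0) continue;`. The return value of `Preload(buf)` inside the loop is also dropped, so only a failure on `DEFAULT_PRELOAD` reaches the exit status.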
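Review bot: `return PreloadSystem();` runs as soon as `--system` is parsed, so any option placed after it on the command line is never looked at and is dropped without a diagnostic. `sysctl --system -q` therefore still prints the progress lines, and with the `--pattern` option added by patch 2/3 a command line of `--system --pattern X` applies every setting unfiltered. Recording the request in a flag (for example `DoSystem = true; continue;`, a constructed name) and calling `PreloadSystem()` after the argument loop would make the result independent of option order. The loop itself lies outside this hunk, so the exact placement needs checking against the full `main()`.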
From: Ludwig Nussel <[email protected]> Date: Wed, 18 May 2011 08:20:09 +0200 Subject: [PATCH procps 2/3] implement --pattern option Useful for e.g network hook scripts together with --system to only apply sysctls for a specific network interface. --- sysctl.8 | 14 ++++++++++++++ sysctl.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 0 deletions(-) diff --git a/sysctl.8 b/sysctl.8 index e26c4fb..9f6de65 100644 --- a/sysctl.8 +++ b/sysctl.8 @@ -64,6 +64,16 @@ Display all values currently available. .TP .B "-A" Display all values currently available in table form. +.TP +.B "--system" +Load settings from system configuration files (/lib/sysctl.d/*.conf, +/usr/lib/sysctl.d/*.conf, /usr/local/lib/sysctl.d/*.conf, +/etc/sysctl.d/*.conf, /etc/sysctl.conf) +.TP +.B "--pattern" PATTERN +Ignore settings that don't patch PATTERN. A star '*' is recognized +as wildcard. It matches strings until the next dot. '**' at the end +of the pattern matches until the end of the string. .SH EXAMPLES .TP /sbin/sysctl -a @@ -73,6 +83,10 @@ Display all values currently available in table form. /sbin/sysctl -w kernel.domainname="example.com" .TP /sbin/sysctl -p /etc/sysctl.conf +.TP +/sbin/sysctl --pattern 'net.ipv4.conf.*.forwarding' -a +.TP +/sbin/sysctl --pattern 'net.ipv6.**' --system .SH FILES .I /proc/sys .I /etc/sysctl.conf diff --git a/sysctl.c b/sysctl.c index 3445efe..b68170b 100644 --- a/sysctl.c +++ b/sysctl.c @@ -50,6 +50,7 @@ static bool PrintName; static bool PrintNewline; static bool IgnoreError; static bool Quiet; +static char* pattern; /* error messages */ static const char ERR_UNKNOWN_PARAMETER[] = "error: Unknown parameter \"%s\"\n"; 
@@ -63,6 +64,7 @@ static const char ERR_OPENING_DIR[] = "error: unable to open directory \"%s\"\n" static const char ERR_PRELOAD_FILE[] = "error: unable to open preload file \"%s\"\n"; static const char WARN_BAD_LINE[] = "warning: %s(%d): invalid syntax, continuing...\n"; +static int pattern_match(const char* name); static void slashdot(char *restrict p, char old, char new){ p = strpbrk(p,"/."); @@ -145,6 +147,10 @@ static int ReadSetting(const char *restrict const name) { outname = strdup(name); slashdot(outname,'/','.'); /* change / to . */ + if (pattern && !pattern_match(outname)){ + goto out; + } + if (stat(tmpname, &ts) < 0) { if (!IgnoreError) { perror(tmpname); @@ -391,7 +397,39 @@ out: return rc; } +static int pattern_match(const char* name) { + const char* p = pattern; + if (!p || !name) + return 0; + + while (*p && *name) { + if (*p == '*') { + ++p; + // collapse stars. if at end match rest of string + while (*p == '*') { + ++p; + if (!*p) + return 1; + } + while (*name) { + if (*name == '.') { + break; + } + ++name; + } + continue; + } + if (*p != *name) + return 0; + ++p; + ++name; + continue; + } + if (!*p && !*name) + return 1; + return 0; +} /* * Preload the sysctl's from the conf file @@ -435,6 +473,10 @@ static int Preload(const char *restrict const filename) { StripLeadingAndTrailingSpaces(name); + if (pattern && !pattern_match(name)){ + continue; + } + value = strtok(NULL, "\n\r"); if (!value || !*value) { fprintf(stderr, WARN_BAD_LINE, filename, n); @@ -523,6 +565,16 @@ int main(int argc, char *argv[]) { IgnoreError = true; return PreloadSystem(); } + if (!strcmp("--pattern",*argv)) { + ++argv; + if (*argv && **argv) { + pattern = strdup(*argv); + continue; + } else { + fprintf(stderr, "error: --pattern requires an argument\n"); + return 1; + } + } fprintf(stderr, ERR_UNKNOWN_PARAMETER, *argv); return Usage(me); } -- 1.7.3.4 ++++++ procps-3.2.8-read-sysctls-also-from-boot-sysctl.conf-kernelversion.diff ++++++ 
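Review bot: `pattern_match()` treats a single `*` differently at the end of the pattern than in the middle: in `a.*.b` the star may consume zero characters, but with pattern `foo*` and name `foo` the main loop exits on `*name == 0` with `p` still pointing at the star, and the function returns 0. Skipping leftover stars before the final test, `while (*p == '*') ++p;` ahead of `if (!*p && !*name)`, makes the two cases agree. The function also has no header comment; one stating that `*` stops at the next `.`, that `**` is honoured only as the last token, and that the pattern comes from the file-scope `pattern` variable would help. The `//` comment should be `/* */` to match the rest of the file.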
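Review bot: In `Preload()` the filter is applied to the key exactly as it is written in the file, whereas `ReadSetting()` calls `pattern_match(outname)` only after `slashdot(outname,'/','.')`. If configuration files may spell keys with `/` separators (the code that writes the setting is outside this hunk, so this is an assumption to confirm), a line such as the constructed example `net/ipv6/conf/eth0/use_tempaddr` would never match a dotted pattern and would be skipped silently. Normalising a copy of `name` with `slashdot()` before the test, or documenting in sysctl.8 that `--pattern` matches only dot-separated keys, would remove the surprise.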
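Review bot: The result of `strdup(*argv)` in the `--pattern` branch is not checked, and every call site tests `if (pattern && !pattern_match(...))`, so an allocation failure leaves `pattern` NULL and the filter is switched off: all settings get applied instead of the requested subset. The `argv` strings live for the whole run, so `pattern = *argv;` avoids the allocation altogether; otherwise check for NULL and exit with an error. Whether `++argv` followed by `continue` keeps the enclosing loop's bookkeeping consistent cannot be seen from this hunk.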
>From 40c2bfe16c9a9e9562c686afa9d6b7f754a5c8d9 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <[email protected]> Date: Tue, 17 May 2011 16:35:18 +0200 Subject: [PATCH procps 3/3] read sysctls also from /boot/sysctl.conf-$kernelversion --- sysctl.c | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/sysctl.c b/sysctl.c index b68170b..6967ca8 100644 --- a/sysctl.c +++ b/sysctl.c @@ -27,6 +27,7 @@ #include <unistd.h> #include <sys/stat.h> #include <sys/types.h> +#include <sys/utsname.h> #include <dirent.h> #include <string.h> #include <errno.h> @@ -497,12 +498,21 @@ static int Preload(const char *restrict const filename) { static int PreloadSystem(void) { unsigned i; + struct utsname uts; const char* dirs[] = { "/lib/sysctl.d", "/usr/lib/sysctl.d", "/usr/local/lib/sysctl.d", "/etc/sysctl.d", }; + if (uname(&uts) == 0) { + char buf[PATH_MAX]; + snprintf(buf, sizeof(buf), "/boot/sysctl.conf-%s", uts.release); + if (access(buf, R_OK) == 0) { + printf("* Applying %s ...\n", buf); + Preload(buf); + } + } for (i=0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) { struct dirent* de; DIR* dp = opendir(dirs[i]); -- 1.7.3.4 ++++++ sysctl.conf ++++++ --- /var/tmp/diff_new_pack.rPGtPm/_old 2011-05-30 09:24:16.000000000 +0200 +++ /var/tmp/diff_new_pack.rPGtPm/_new 2011-05-30 09:24:16.000000000 +0200 
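Review bot: The new `printf("* Applying %s ...\n", buf);` for the `/boot/sysctl.conf-$kernelversion` file is not guarded by `Quiet`, unlike the two progress messages added to `PreloadSystem()` in patch 1/3, so `sysctl -e -q --system` as invoked by boot.sysctl would still print this line. It should read `if (!Quiet) printf("* Applying %s ...\n", buf);`. The `snprintf` result is also unchecked; truncation is unlikely given the bounded size of `uts.release`, but comparing the return value against `sizeof(buf)` costs one line. The rest of `PreloadSystem()` lies outside this hunk.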
@@ -1,14 +1,44 @@ -# Disable response to broadcasts. -# You don't want yourself becoming a Smurf amplifier. +# +# Distribution defaults. +# Use /etc/sysctl.conf to override. +# +# Disable response to broadcast pings to avoid smurf attacks. net.ipv4.icmp_echo_ignore_broadcasts = 1 + # enable route verification on all interfaces net.ipv4.conf.all.rp_filter = 1 + +# avoid deleting secondary IPs on deleting the primary IP +net.ipv4.conf.default.promote_secondaries = 1 +net.ipv4.conf.all.promote_secondaries = 1 + # disable IPv6 completely #net.ipv6.conf.all.disable_ipv6 = 1 + # enable IPv6 forwarding #net.ipv6.conf.all.forwarding = 1 + +# enable IPv6 privacy (bnc#678066) +net.ipv6.conf.default.use_tempaddr = 2 + # increase the number of possible inotify(7) watches fs.inotify.max_user_watches = 65536 -# avoid deleting secondary IPs on deleting the primary IP -net.ipv4.conf.default.promote_secondaries = 1 -net.ipv4.conf.all.promote_secondaries = 1 + +# Magic SysRq Keys enable some control over the system even if it +# crashes (e.g. during kernel debugging). +# +# 0 - disable sysrq completely +# 1 - enable all functions of sysrq +# >1 - bitmask of allowed sysrq functions: +# 2 - enable control of console logging level +# 4 - enable control of keyboard (SAK, unraw) +# 8 - enable debugging dumps of processes etc. +# 16 - enable sync command +# 32 - enable remount read-only +# 64 - enable signalling of processes (term, kill, oom-kill) +# 128 - allow reboot/poweroff +# 256 - allow nicing of all RT tasks +# +# For further information see /usr/src/linux/Documentation/sysrq.txt +# default 176 = 128+32+16 +kernel.sysrq = 176 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
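Review bot: `net.ipv6.conf.default.use_tempaddr = 2` only seeds interfaces created after the value is written; an interface that already exists when boot.sysctl runs keeps its previous setting. Because the init script now declares `Required-Start: $null`, this probably happens before most network drivers load, but nothing in this file enforces that ordering. A comment next to the setting, e.g. `# applies to interfaces created after this file is loaded; set net.ipv6.conf.IFACE.use_tempaddr for interfaces that already exist`, would keep an administrator from assuming temporary addresses are active on every interface.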
