Hi all,

currently systemd contains a sysctl default setting in a file called 50-default.conf. The aim of this patch is to split the content of the sysctl setting into more files to allow a more selective override.
My need is to enable all the sysrq keys. Instead, the systemd default is to disallow all sysrq keys except the sync one [1]. To do that, I would have to override the sysctl file /usr/lib/sysctl.d/50-default.conf by putting a file with the same name in /etc/sysctl.d. However, this file contains other settings than the one which I want to override, so I would lose any update of these other settings made by upstream. With this patch I am able to override only the setting related to the sysrq.

Please apply.

BR
G.Baroncelli

[1] For the record, I am against this kind of setting. I opened a bug in Debian (#725422), but it was suggested that I send a patch to upstream. Of course it is systemd's right to set whatever default it thinks sane.

Signed-off-by: Goffredo Baroncelli <kreij...@inwind.it>
--- Makefile.am | 4 +++- sysctl.d/50-coredump.conf.in | 3 +++ sysctl.d/50-default.conf | 24 ------------------------ sysctl.d/50-default_fs.conf | 12 ++++++++++++ sysctl.d/50-default_kernel_sysrq.conf | 26 ++++++++++++++++++++++++++ sysctl.d/50-default_net.conf | 14 ++++++++++++++ 6 files changed, 58 insertions(+), 25 deletions(-) delete mode 100644 sysctl.d/50-default.conf create mode 100644 sysctl.d/50-default_fs.conf create mode 100644 sysctl.d/50-default_kernel_sysrq.conf create mode 100644 sysctl.d/50-default_net.conf diff --git a/Makefile.am b/Makefile.am index 90874df..95087c6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -357,7 +357,9 @@ dist_zshcompletion_DATA = \ shell-completion/zsh/_systemd dist_sysctl_DATA = \ - sysctl.d/50-default.conf + sysctl.d/50-default_kernel_sysrq.conf \ + sysctl.d/50-default_net.conf \ + sysctl.d/50-default_fs.conf dist_systemunit_DATA = \ units/graphical.target \ diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in index d5795a3..1db1047 100644 --- a/sysctl.d/50-coredump.conf.in +++ b/sysctl.d/50-coredump.conf.in 
@@ -8,3 +8,6 @@ # See sysctl.d(5) and core(5) for for details. kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %p %u %g %s %t %e + +# Append the PID to the core filename +kernel.core_uses_pid = 1 diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf deleted file mode 100644 index 46bae21..0000000 --- a/sysctl.d/50-default.conf +++ /dev/null @@ -1,24 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -# See sysctl.d(5) and core(5) for for details. - -# System Request functionality of the kernel (SYNC) -kernel.sysrq = 16 - -# Append the PID to the core filename -kernel.core_uses_pid = 1 - -# Source route verification -net.ipv4.conf.default.rp_filter = 1 - -# Do not accept source routing -net.ipv4.conf.default.accept_source_route = 0 - -# Enable hard and soft link protection -fs.protected_hardlinks = 1 -fs.protected_symlinks = 1 diff --git a/sysctl.d/50-default_fs.conf b/sysctl.d/50-default_fs.conf new file mode 100644 index 0000000..a2e7eb4 --- /dev/null +++ b/sysctl.d/50-default_fs.conf @@ -0,0 +1,12 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See sysctl.d(5) for for details. + +# Enable hard and soft link protection +fs.protected_hardlinks = 1 +fs.protected_symlinks = 1 diff --git a/sysctl.d/50-default_kernel_sysrq.conf b/sysctl.d/50-default_kernel_sysrq.conf new file mode 100644 index 0000000..a848745 --- /dev/null +++ b/sysctl.d/50-default_kernel_sysrq.conf 
@@ -0,0 +1,26 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See sysctl.d(5) for for details. + +# From Documentation/sysrq.txt: possible value to control which sysrq +# could be invoked from keyboard +# +# 0 - disable sysrq completely +# 1 - enable all functions of sysrq +# >1 - bitmask of allowed sysrq functions (see below for detailed function +# description): +# 2 - enable control of console logging level +# 4 - enable control of keyboard (SAK, unraw) +# 8 - enable debugging dumps of processes etc. +# 16 - enable sync command +# 32 - enable remount read-only +# 64 - enable signalling of processes (term, kill, oom-kill) +# 128 - allow reboot/poweroff +# 256 - allow nicing of all RT tasks + +kernel.sysrq = 16 # only enable sync command diff --git a/sysctl.d/50-default_net.conf b/sysctl.d/50-default_net.conf new file mode 100644 index 0000000..7459a23 --- /dev/null +++ b/sysctl.d/50-default_net.conf 
@@ -0,0 +1,14 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See sysctl.d(5) for for details. + +# Source route verification +net.ipv4.conf.default.rp_filter = 1 + +# Do not accept source routing +net.ipv4.conf.default.accept_source_route = 0 -- 1.8.5 -- gpg @keyserver.linux.it: Goffredo Baroncelli (kreijackATinwind.it> Key fingerprint BBF5 1610 0B64 DAC6 5F7D 17B2 0EDA 9B37 8B82 E0B5
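
Review bot: In the Makefile.am hunk, the three new names (50-default_kernel_sysrq.conf, 50-default_net.conf, 50-default_fs.conf) all sort after 50-default.conf, because '.' orders before '_'. sysctl.d(5) applies files in lexicographic order of file name with later files winning, so an administrator who already keeps an override in /etc/sysctl.d/50-default.conf, as the message describes, would stop masking anything after this change and would have kernel.sysrq reset to 16 by the new vendor file. Consider names that do not sort after the old file, or state the upgrade effect in the commit message.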
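
Review bot: In sysctl.d/50-coredump.conf.in, the added kernel.core_uses_pid = 1 sits under a kernel.core_pattern that already passes %p, and core(5) only appends the PID when the pattern lacks %p, so the setting does nothing where this file is in force. The move is also not mentioned in the message, which only talks about splitting 50-default.conf. Keeping it in its own 50-default_* file next to the other three would preserve the old behaviour on systems where 50-coredump.conf is not installed; if it stays here, match the file's existing style (the core_pattern line has no spaces around '=').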
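
Review bot: The header of sysctl.d/50-default_fs.conf carries over the doubled word in "# See sysctl.d(5) for for details.", and the same line appears in the two other new files. Since these are newly created files, fix it to "for details" in all three rather than copying the typo forward.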
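
Review bot: The last line of sysctl.d/50-default_kernel_sysrq.conf, "kernel.sysrq = 16 # only enable sync command", puts a comment after the value. sysctl.d(5) only treats lines whose first non-whitespace character is '#' or ';' as comments, so the trailing text is read as part of the value rather than ignored. Move the comment onto its own line above the assignment, as the deleted 50-default.conf did with "# System Request functionality of the kernel (SYNC)".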
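
The override problem described in the message, as an added example that is not part of the original post or of systemd: a simplified Python model of sysctl.d(5) precedence (same-named file in /etc masks the one in /usr/lib, then files apply in name order with later ones winning). The file contents are constructed from the settings in the patch, the function names are hypothetical, and the third case goes slightly beyond the message by showing an old-named override left in place after the split.

```python
# Added example: simplified model of sysctl.d(5) precedence, not systemd code.
SEARCH_ORDER = ["/etc/sysctl.d", "/run/sysctl.d", "/usr/lib/sysctl.d"]  # highest first

def parse(text):
    """Return {key: value}; lines starting with '#' or ';' are comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def effective(tree):
    """tree maps directory -> {file name: content}; returns merged settings."""
    chosen = {}
    for directory in reversed(SEARCH_ORDER):       # lowest priority first
        chosen.update(tree.get(directory, {}))      # same name: higher dir masks
    merged = {}
    for name in sorted(chosen):                     # file-name order, later wins
        merged.update(parse(chosen[name]))
    return merged

# Constructed sample content, using the settings shown in the patch.
NET = "net.ipv4.conf.default.rp_filter = 1\nnet.ipv4.conf.default.accept_source_route = 0\n"
FS = "fs.protected_hardlinks = 1\nfs.protected_symlinks = 1\n"
OLD_VENDOR = {"50-default.conf": "kernel.sysrq = 16\nkernel.core_uses_pid = 1\n" + NET + FS}
NEW_VENDOR = {"50-default_kernel_sysrq.conf": "kernel.sysrq = 16\n",
              "50-default_net.conf": NET, "50-default_fs.conf": FS}
ADMIN = "# local policy: enable all sysrq functions\nkernel.sysrq = 1\n"

def whole_file_override():   # before the patch: admin copy masks every default
    return effective({"/usr/lib/sysctl.d": OLD_VENDOR,
                      "/etc/sysctl.d": {"50-default.conf": ADMIN}})

def split_file_override():   # after the patch: only the sysrq file is masked
    return effective({"/usr/lib/sysctl.d": NEW_VENDOR,
                      "/etc/sysctl.d": {"50-default_kernel_sysrq.conf": ADMIN}})

def stale_override():        # after the patch, old-named admin file left in /etc
    return effective({"/usr/lib/sysctl.d": NEW_VENDOR,
                      "/etc/sysctl.d": {"50-default.conf": ADMIN}})

if __name__ == "__main__":
    for case in (whole_file_override, split_file_override, stale_override):
        print(case.__name__, case())
```

In the first case the rp_filter, source-route and link-protection defaults disappear along with the sysrq default; in the second they survive; in the third the vendor value 16 wins because the new file name sorts after the old one.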