On Mon, Dec 02, 2013 at 09:15:37PM +0100, Goffredo Baroncelli wrote: > Hi all, > > currently systemd contains a sysctl default setting in a file called > 50-default.conf > The aim of this patch is to split the content of the sysctl setting in > more files to allow a more selective override. Hi Goffredo, I think that the misunderstading is that you *can* override invidual settings. If you provide a file with a name higher in order, containing just sysctl.sysrq override, just this setting will be overriden.
BTW, Kay, why is the default so conservative here (sysrq only)? I would think that the general principle that the user who has physical access to the machine and can flip the power switch should be able to do various things which are disruptive, but not are not proviledge escalation (let's call them reboot-like). > +# 1 - enable all functions of sysrq > +# >1 - bitmask of allowed sysrq functions (see below for detailed function > +# description): > +# 2 - enable control of console logging level > +# 4 - enable control of keyboard (SAK, unraw) > +# 8 - enable debugging dumps of processes etc. > +# 16 - enable sync command > +# 32 - enable remount read-only > +# 64 - enable signalling of processes (term, kill, oom-kill) > +# 128 - allow reboot/poweroff > +# 256 - allow nicing of all RT tasks > + > +kernel.sysrq = 16 # only enable sync command Zbyszek _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
