From 19f4f86bfed21c5326ed2acebe1163f3a83e832b Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 6 May 2024 04:25:50 +0200
Subject: Adding upstream version 241.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 sysctl.d/50-coredump.conf.in | 12 ++++++++++++
 sysctl.d/50-default.conf     | 42 ++++++++++++++++++++++++++++++++++++++++++
 sysctl.d/meson.build         | 23 +++++++++++++++++++++++
 3 files changed, 77 insertions(+)
 create mode 100644 sysctl.d/50-coredump.conf.in
 create mode 100644 sysctl.d/50-default.conf
 create mode 100644 sysctl.d/meson.build

(limited to 'sysctl.d')

diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in
new file mode 100644
index 0000000..ccd5c2c
--- /dev/null
+++ b/sysctl.d/50-coredump.conf.in
@@ -0,0 +1,12 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See sysctl.d(5) for the description of the files in this directory,
+# and systemd-coredump(8) and core(5) for the explanation of the
+# setting below.
+
+kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h %e
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
new file mode 100644
index 0000000..27084f6
--- /dev/null
+++ b/sysctl.d/50-default.conf
@@ -0,0 +1,42 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See sysctl.d(5) and core(5) for documentation.
+
+# To override settings in this file, create a local file in /etc
+# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
+# there.
+
+# System Request functionality of the kernel (SYNC)
+#
+# Use kernel.sysrq = 1 to allow all keys.
+# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for a list
+# of values and keys.
+kernel.sysrq = 16
+
+# Append the PID to the core filename
+kernel.core_uses_pid = 1
+
+# Source route verification
+net.ipv4.conf.all.rp_filter = 2
+
+# Do not accept source routing
+net.ipv4.conf.all.accept_source_route = 0
+
+# Promote secondary addresses when the primary address is removed
+net.ipv4.conf.all.promote_secondaries = 1
+
+# Fair Queue CoDel packet scheduler to fight bufferbloat
+net.core.default_qdisc = fq_codel
+
+# Enable hard and soft link protection
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1
+
+# Enable regular file and FIFO protection
+fs.protected_regular = 1
+fs.protected_fifos = 1
diff --git a/sysctl.d/meson.build b/sysctl.d/meson.build
new file mode 100644
index 0000000..64f6ce9
--- /dev/null
+++ b/sysctl.d/meson.build
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: LGPL-2.1+
+
+install_data(
+        '50-default.conf',
+        install_dir : sysctldir)
+
+in_files = []
+
+if conf.get('ENABLE_COREDUMP') == 1
+        in_files += ['50-coredump.conf']
+endif
+
+foreach file : in_files
+        gen = configure_file(
+                input : file + '.in',
+                output : file,
+                configuration : substs)
+        install_data(gen,
+                     install_dir : sysctldir)
+endforeach
+
+meson.add_install_script('sh', '-c',
+                         mkdir_p.format(join_paths(sysconfdir, 'sysctl.d')))
-- 
cgit v1.2.3