summaryrefslogtreecommitdiff
path: root/sysctl.d
Commit message (Collapse)AuthorAgeFilesLines
* meson: use jinja2 in sysctl.d/Zbigniew Jędrzejewski-Szmek2021-05-192-15/+9
|
* Add READMEs in all .d directoriesZbigniew Jędrzejewski-Szmek2021-03-262-0/+9
|
* sysctl.d: silence warning if net.core.default_qdisc cannot be setZbigniew Jędrzejewski-Szmek2021-02-191-1/+1
| | | | | Kernels can be compiled without the attribute. It's fine if this is not set, so silence the warning.
* tree-wide: fix links to systemd.io pagesZbigniew Jędrzejewski-Szmek2021-02-191-1/+1
| | | | | Having the extra slash at the end is not a problem, just inconsistent. But the links with .html or .md return 404.
* sysctl.d: shorten commentZbigniew Jędrzejewski-Szmek2021-01-151-9/+8
| | | | The grammar was a bit suspect in a few places...
* meson: add option to skip installing to $sysconfdirJörg Thalheim2020-11-121-2/+4
| | | | | | | | | | | | | | | | | | | | | This is useful for development where overwriting files out side the configured prefix will affect the host as well as stateless systems such as NixOS that don't let packages install to /etc but handle configuration on their own. Alternative to https://github.com/systemd/systemd/pull/17501 tested with: $ mkdir inst build && cd build $ meson \ -Dcreate-log-dirs=false \ -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \ -Dsysvinit-path=$(realpath ../inst)/etc/init.d \ -Drootprefix=$(realpath ../inst) \ -Dinstall-sysconfdir=false \ --prefix=$(realpath ../inst) .. $ ninja install
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* sysctl: set kernel.core_pipe_limit=16Lennart Poettering2020-10-131-0/+11
| | | | | | | | | | | | | | | | | | | | We need to make sure that our coredump pattern handler manages to read process metadata from /proc/$PID/ before the kernel reaps the crashed process. By default the kernel will reap the process as soon as it can. By setting kernel.core_pipe_limit to a non-zero the kernel will wait for userspace to finish before reaping. We'll set the value to 16, which allows 16 crashes to be processed in parallel. This matches the MaxConnections= setting in systemd-coredump.socket. See: #17301 (This doesn't close 17301, since we probably should also gracefully handle if /proc/$PID/ vanished already while our coredump handler runs, just in case people loclly set the sysctl back to zero. i.e. we should collect what we can and rather issue an incomplete log record than none.)
* sysctl: enable coredump for suid binariesZbigniew Jędrzejewski-Szmek2020-04-071-3/+18
| | | | | | | | | | | | | | | | Right now the kernel will not dump anything that went through setuid or setgid. But it is routine for daemons to do that, and it makes things hard to debug. systemd-coredump saves the coredump readable by the users the process was running as. This should be enough to avoid information leakage. So let's also tell the kernel to do the coredump. For https://bugzilla.redhat.com/show_bug.cgi?id=1790972. Both patterns are stored in the same file, so they are enabled or disabled together. (Though suid_dumpable=2 is supposed to be safe even when writing to plain files.)
* sysctl: set ipv4 settings in a race-free wayZbigniew Jędrzejewski-Szmek2020-02-041-0/+6
| | | | | | | | | | | Fixes #6282. This solution is a bit busy, but we close the race without setting *.all.*, so it is still possible to set a different setting for particular interfaces. Setting just "default" is not very useful because any interfaces present before systemd-sysctl is invoked are not affected. Setting "all" is too harsh, because the kernel takes the stronger of the device-specific setting and the "all" value, so effectively having a weaker setting for specific interfaces is not possible.
* Revert "sysctl: always write net.ipv4.conf.all.xyz= in addition to ↵Zbigniew Jędrzejewski-Szmek2020-01-301-3/+3
| | | | | | | | | net.ipv4.conf.default.xyz=" This reverts commits 1836bf9e1d70240c8079e4db4312309f4f1f91fd and 9fefb9e3cdebcefa681672423d23ccc72ae6c165. The race is reintroduced, and will be fixed later.
* sysctl: prefix ping port range setting with a dashLennart Poettering2019-07-261-1/+1
| | | | Fixes: #13177
* Revert "Revert "sysctl: Enable ping(8) inside rootless Podman containers""Lennart Poettering2019-07-261-0/+8
| | | | | | | This reverts commit be74f51605b4c7cb74fec3a50cd13b67598a8ac1. Let's add this again. With the new sysctl "-" thing we can make this work.
* Revert "sysctl: Enable ping(8) inside rootless Podman containers"Evgeny Vereshchagin2019-07-261-8/+0
| | | | | | This reverts commit 90ce7627dfe824ff6e7c0ca5f96350fbcfec7118. See https://github.com/systemd/systemd/issues/13177#issuecomment-514931461
* sysctl: Enable ping(8) inside rootless Podman containersDebarshi Ray2019-07-241-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | This makes ping(8) work without CAP_NET_ADMIN and CAP_NET_RAW because those aren't effective inside rootless Podman containers. It's quite useful when using OSTree based operating systems like Fedora Silverblue, where development environments are often set up using rootless Podman containers with helpers like Toolbox [1]. Not having a basic network utility like ping(8) work inside the development environment can be inconvenient. See: https://lwn.net/Articles/422330/ http://man7.org/linux/man-pages/man7/icmp.7.html https://github.com/containers/libpod/issues/1550 The upper limit of the range of group identifiers is set to 2147483647, which is 2^31-1. Values greater than that get rejected by the kernel because of this definition in linux/include/net/ping.h: #define GID_T_MAX (((gid_t)~0U) >> 1) That's not so bad because values between 2^31 and 2^32-1 are reserved on systemd-based systems anyway [2]. [1] https://github.com/debarshiray/toolbox [2] https://systemd.io/UIDS-GIDS.html#summary
* coredump: rely on /proc exclusively to get the name of the crashing processFranck Bui2019-06-261-1/+1
| | | | | | | | | | | | | | | | | | I couldn't see any reason why the kernel could provide COMM to the coredump handler via the core_pattern command line but could not make it available in /proc. So let's assume that this info is always available in /proc. For "backtrace" mode (when --backtrace option is passed), I assumed that the crashing process still exists at the time systemd-coredump is called. Also changing the core_pattern line is an API breakage for any users of the backtrace mode but given that systemd-coredump is installed in /usr/lib/systemd, it's a private tool which has no internal users. At least no one complained when the hostname was added to the core_pattern line (f45b8015513)... Indeed it's much easier to get it from /proc since the kernel substitutes '%e' specifier with multiple strings if the process name contains spaces (!).
* sysctl: bump pid range only on 64-bit systemsYu Watanabe2019-05-203-4/+23
| | | | Closes #12604.
* sysctl: let's by default increase the numeric PID range from 2^16 to 2^22Lennart Poettering2019-04-091-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | This should PID collisions a tiny bit less likely, and thus improve security and robustness. 2^22 isn't particularly a lot either, but it's the current kernel limitation. Bumping this limit was suggested by Linus himself: https://lwn.net/ml/linux-kernel/CAHk-=wiZ40LVjnXSi9iHLE_-ZBsWFGCgdmNiYZUXn1-V5YBg2g@mail.gmail.com/ Let's experiment with this in systemd upstream first. Downstreams and users can after all still comment this easily. Besides compat concern the most often heard issue with such high PIDs is usability, since they are potentially hard to type. I am not entirely sure though whether 4194304 (as largest new PID) is that much worse to type or to copy than 65563. This should also simplify management of per system tasks limits as by this move the sysctl /proc/sys/kernel/threads-max becomes the primary knob to control how many processes to have in parallel.
* Enable regular file and FIFO protectionLucas Werkmeister2019-01-161-0/+4
| | | | | | These sysctls were added in Linux 4.19 (torvalds/linux@30aba6656f), and we should enable them just like we enable the older hardlink/symlink protection since v199. Implements #11414.
* sysctl.d: switch net.ipv4.conf.all.rp_filter from 1 to 2Lubomir Rintel2018-11-281-1/+1
| | | | | | | | | | | | | | | | | | | This switches the RFC3704 Reverse Path filtering from Strict mode to Loose mode. The Strict mode breaks some pretty common and reasonable use cases, such as keeping connections via one default route alive after another one appears (e.g. plugging an Ethernet cable when connected via Wi-Fi). The strict filter also makes it impossible for NetworkManager to do connectivity check on a newly arriving default route (it starts with a higher metric and is bumped lower if there's connectivity). Kernel's default is 0 (no filter), but a Loose filter is good enough. The few use cases where a Strict mode could make sense can easily override this. The distributions that don't care about the client use cases and prefer a strict filter could just ship a custom configuration in /usr/lib/sysctl.d/ to override this.
* Revert "sysctl.d: request ECN on both in and outgoing connections"Thomas Hindoe Paaboel Andersen2018-08-201-3/+0
| | | | | | | Turning on ECN still causes slow or broken network on linux. Our tcp is not yet ready for wide spread use of ECN. This reverts commit 919472741dba6ad0a3f6c2b76d390a02d0e2fdc3.
* Drop my copyright headersZbigniew Jędrzejewski-Szmek2018-06-141-2/+0
| | | | | | | perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms' git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms' git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
* tree-wide: beautify remaining copyright statementsLennart Poettering2018-06-141-1/+1
| | | | | | Let's unify an beautify our remaining copyright statements, with a unicode ©. This means our copyright statements are now always formatted the same way. Yay.
* sysctl.d: request ECN on both in and outgoing connections (#9143)Thomas H. P. Andersen2018-05-311-0/+3
| | | | | | | | | | | | To further avoid bufferbloat Explicit Congestion Notification (ECN) should be enabled for both in and outgoing connections. The kernel default is to enable it when requested for incoming connections, but not to request it on outgoing connections. This patch enables it for both. A long time ago enabling these was causing problems, but these issues have since been dealt with. Fixes #9087.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* coredump: accept hostname on command line (#8033)Jakub Filak2018-02-151-1/+1
| | | | | | | | | | | | | | | | | | This commint adds a new command line parameter to sytemd-coredump. The parameter should be mappend to core_pattern's placeholder %h - hostname. The field _HOSTNAME holds the name from the kernel's namespaces which might be different then the one comming from process' namespaces. It is true that the real hostname is usually available in the field COREDUMP_ENVIRON (environment variables) but I believe it is more reliable to use the value passed by kernel. ---- The length of iovec is no longer static and hence I corrected the declarations of the functions set_iovec_field and set_iovec_field_free. Thank you @yuwata and @poettering!
* Do not set `net.ipv4.conf.default.*`Hristo Venev2017-12-051-3/+0
| | | | | | It is redundant because in these cases the values in `net.ipv4.conf.all.*` take precedence. Also, setting the `default` does nothing for devices that already exist.
* Add license headers and SPDX identifiers to meson.build filesZbigniew Jędrzejewski-Szmek2017-11-191-0/+17
| | | | | | | So far I avoided adding license headers to meson files, but they are pretty big and important and should carry license headers like everything else. I added my own copyright, even though other people modified those files too. But this is mostly symbolic, so I hope that's OK.
* build-sys: use #if Y instead of #ifdef Y everywhereZbigniew Jędrzejewski-Szmek2017-10-041-1/+1
| | | | | | | | | | | | | | | The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
* build-sys: drop gitignore patterns for in-tree buildsZbigniew Jędrzejewski-Szmek2017-07-181-1/+0
| | | | ... and other autotools-generated files.
* build-sys: drop automake supportZbigniew Jędrzejewski-Szmek2017-07-181-1/+0
| | | | | v2: - also mention m4
* meson: use booleans for conf.set and drop unecessary conditionalsZbigniew Jędrzejewski-Szmek2017-05-021-1/+1
| | | | | | | | | Using conf.set() with a boolean argument does the right thing: either #ifdef or #undef. This means that conf.set can be used unconditionally. Previously I used '1' as the placeholder value, and that needs to be changed to 'true' for consistency (under meson 1 cannot be used in boolean context). All checks need to be adjusted.
* meson: reindent all files with 8 spacesZbigniew Jędrzejewski-Szmek2017-04-231-11/+9
| | | | | | | The indentation for emacs'es meson-mode is added .dir-locals. All files are reindented automatically, using the lasest meson-mode from git. Indentation should now be fairly consistent.
* meson: use join_paths consistentlyMichael Biebl2017-04-231-1/+1
| | | | | With -Dsplit-usr=true, we set rootprefix to /. This leads to //lib/systemd or //lib/udev for various dir variables. Using join_paths() avoids this.
* meson: create dirs and touch /usrZbigniew Jędrzejewski-Szmek2017-04-231-0/+3
| | | | | | | | | This is the equivalent of $(INSTALL_DIRS) and install-touch-usr-hook. I did not bother to create the directories into which we install files, since they will be created anyway. v2: - remove bashism
* meson: build systemd using mesonZbigniew Jędrzejewski-Szmek2017-04-231-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's crucial that we can build systemd using VS2010! ... er, wait, no, that's not the official reason. We need to shed old systems by requring python 3! Oh, no, it's something else. Maybe we need to throw out 345 years of knowlege accumulated in autotools? Whatever, this new thing is cool and shiny, let's use it. This is not complete, I'm throwing it out here for your amusement and critique. - rules for sd-boot are missing. Those might be quite complicated. - rules for tests are missing too. Those are probably quite simple and repetitive, but there's lots of them. - it's likely that I didn't get all the conditions right, I only tested "full" compilation where most deps are provided and nothing is disabled. - busname.target and all .busname units are skipped on purpose. Otherwise, installation into $DESTDIR has the same list of files and the autoconf install, except for .la files. It'd be great if people had a careful look at all the library linking options. I added stuff until things compiled, and in the end there's much less linking then in the old system. But it seems that there's still a lot of unnecessary deps. meson has a `shared_module` statement, which sounds like something appropriate for our nss and pam modules. Unfortunately, I couldn't get it to work. For the nss modules, we need an .so version of '2', but `shared_module` disallows the version argument. For the pam module, it also didn't work, I forgot the reason. The handling of .m4 and .in and .m4.in files is rather awkward. It's likely that this could be simplified. If make support is ever dropped, I think it'd make sense to switch to a different templating system so that two different languages and not required, which would make everything simpler yet. v2: - use get_pkgconfig_variable - use sh not bash - use add_project_arguments v3: - drop required:true and fix progs/prog typo v4: - use find_library('bz2') - add TTY_GID definition - define __SANE_USERSPACE_TYPES__ - use join_paths(prefix, ...) is used on all paths to make them all absolute v5: - replace all declare_dependency's with [] - add more conf.get guards around optional components v6: - drop -pipe, -Wall which are the default in meson - use compiler.has_function() and compiler.has_header_symbol instead of the hand-rolled checks. - fix duplication in 'liblibsystemd' library name - use the right .sym file for pam_systemd - rename 'compiler' to 'cc': shorter, and more idiomatic. v7: - use ENABLE_ENVIRONMENT_D not HAVE_ENVIRONMENT_D - rename prefix to prefixdir, rootprefix to rootprefixdir ("prefix" is too common of a name and too easy to overwrite by mistake) - wrap more stuff with conf.get('ENABLE...') == 1 - use rootprefix=='/' and rootbindir as install_dir, to fix paths under split-usr==true. v8: - use .split() also for src/coredump. Now everything is consistent ;) - add rootlibdir option and use it on the libraries that require it v9: - indentation v10: - fix check for qrencode and libaudit v11: - unify handling of executable paths, provide options for all progs This makes the meson build behave slightly differently than the autoconf-based one, because we always first try to find the executable in the filesystem, and fall back to the default. I think different handling of loadkeys, setfont, and telinit was just a historical accident. In addition to checking in $PATH, also check /usr/sbin/, /sbin for programs. In Fedora $PATH includes /usr/sbin, (and /sbin is is a symlink to /usr/sbin), but in Debian, those directories are not included in the path. C.f. https://github.com/mesonbuild/meson/issues/1576. - call all the options 'xxx-path' for clarity. - sort man/rules/meson.build properly so it's stable
* sysctl.d: replace URL of SysRq key documentation (#5274)Peter Körner2017-02-081-1/+2
| | | | The kernel documentation page is not distribution specific and also more likely to be up to date than the Fedora wiki page referenced previously.
* treewide: fix typos and remove accidental repetition of wordsTorstein Husebø2016-07-111-1/+1
|
* coredump: honour RLIMIT_CORE when saving/processing coredumpsLennart Poettering2016-02-101-1/+1
| | | | | | | | With this change processing/saving of coredumps takes the RLIMIT_CORE resource limit of the crashing process into account, given the user control whether specific processes shall core dump or not, and how large to make the core dump. Note that this effectively disables core-dumping for now, as RLIMIT_CORE defaults to 0 (i.e. is disabled) for all system processes.
* sysctl: use %P instead of %p in core patternLennart Poettering2015-11-171-1/+1
| | | | | | | That way we'll get the PID on the host, rather than the one in a PID namespace. Which should make the coredump handler less confusing. Fixes #1930.
* core: bump net.unix.max_dgram_qlen really early during bootLennart Poettering2015-11-021-3/+0
| | | | | Only that way it actually has an effect on all our sockets, including $NOTIFY_SOCKET.
* sysctl.d: bump number of queueable AF_UNIX/SOCK_DGRAM datagramsLennart Poettering2015-10-311-0/+3
| | | | | | | The default of 16 is pretty low, let's bump this to accomodate for more queued datagrams. This is useful for AF_UNIX/SOCK_DGRAM logging and sd_notify() sockets as this allows queuing more datagrams before things start to block, thus improving parallelization and logging performance.
* sysctl: add some hints how to override settingsZbigniew Jędrzejewski-Szmek2015-02-261-1/+8
| | | | | | | Also a link to decent documentation for sysrq keys. It is surprising hard to find. https://lists.fedoraproject.org/pipermail/devel/2015-February/208412.html
* sysctl.d: default to fq_codel, fight bufferbloatMichal Schmidt2014-10-201-0/+3
| | | | | | | | | | | | | | | | | | | | Quoting from Jon Corbet's report of Stephen Hemminger's talk at Linux Plumbers Conference 2014 (https://lwn.net/Articles/616241/): [...] So Stephen encouraged everybody to run a command like: sysctl -w net.core.default_qdisc=fq_codel That will cause fq_codel to be used for all future connections [Qdiscs apply to interfaces, not connections. Pointed out by TomH in the article comments. -- mschmidt] (up to the next reboot). Unfortunately, the default queuing discipline cannot be changed, since it will certainly disturb some user's workload somewhere. Let's have the recommended default in systemd. Thanks to Dave Täht for advice and the summary at https://lists.bufferbloat.net/pipermail/cerowrt-devel/2014-October/003701.html
* sysctl: always write net.ipv4.conf.all.xyz= in addition to ↵Lennart Poettering2014-08-151-0/+3
| | | | | | | | net.ipv4.conf.default.xyz= Otherwise we have a boot-time race, where interfaces that popped up after the sysctl service would get the settings applied, but all others wouldn't.
* sysctl.d: enable promote_secondaries by defaultTom Gundersen2014-07-251-0/+3
| | | | | | | | | | | | | | | Without this, secondary addresses would get deleted when the primary one is. This is not the desired behavior when one would like to transition from one address to another in the same subnet (such as when a new IP address is given over DHCP). In networkd, when given a new IP over DHCP we will add it, without explicitly removing the old one first (and hence never have a window without an IP address configured). Assuming the addresses are in the same subnet, that means that the old address is the primary and the new address is the secondary one. Once the old address expires, the kernel will drop it. With the old behavior this means that both addresses would be lost, which is clearly not what we want. With the new behavior, only the old address is lost, and the new one is promoted to primary. Reported by Michael Olbrich <m.olbrich@pengutronix.de>
* man: add systemd-coredump(8) and a bunch of linksZbigniew Jędrzejewski-Szmek2014-07-131-1/+3
|
* sysctl: default - add safe sysrq optionsKay Sievers2013-03-151-0/+3
|
* sysctl: add 50-default.confKay Sievers2013-03-152-1/+22
|
* sysctl: coredump.conf -> 50-coredump.confKay Sievers2013-03-151-0/+0
|