From 10dd2afd6d339247e5c918f53d1a7fcbb5c43ddb Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Thu, 8 Aug 2019 09:30:49 +0200
Subject: [PATCH] sysctl: add seperate sysctl-x86_64.conf and move x86_64 only parameters
Signed-off-by: Arne Fitzenreiter
---
 config/etc/sysctl-x86_64.conf | 3 +++
 config/etc/sysctl.conf | 4 ----
 config/rootfiles/common/stage2 | 1 +
 config/rootfiles/common/x86_64/stage2 | 1 +
 config/rootfiles/core/135/filelists/files | 1 +
 .../core/135/filelists/x86_64/sysctl-x86_64 | 1 +
 src/initscripts/system/sysctl | 12 ++++++++++++
 7 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 config/etc/sysctl-x86_64.conf
 create mode 100644 config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64
diff --git a/config/etc/sysctl-x86_64.conf b/config/etc/sysctl-x86_64.conf
new file mode 100644
index 000000000..7384bed51
--- /dev/null
+++ b/config/etc/sysctl-x86_64.conf
@@ -0,0 +1,3 @@
+# Improve KASLR effectiveness for mmap
+vm.mmap_rnd_bits = 32
+vm.mmap_rnd_compat_bits = 16
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 5a67f1795..9a943fffa 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -45,10 +45,6 @@ kernel.kptr_restrict = 2
 # Avoid kernel memory address exposures via dmesg.
 kernel.dmesg_restrict = 1
-# Improve KASLR effectiveness for mmap
-vm.mmap_rnd_bits = 32
-vm.mmap_rnd_compat_bits = 16
-
 # Minimal preemption granularity for CPU-bound tasks:
 # (default: 1 msec# (1 + ilog(ncpus)), units: nanoseconds)
 kernel.sched_min_granularity_ns = 10000000
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 5999609ed..5b213c8de 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -42,6 +42,7 @@ etc/profile.d/umask.sh
 etc/resolv.conf
 etc/securetty
 etc/sysctl.conf
+#etc/sysctl-x86_64.conf
 etc/syslog.conf
 etc/system-release
 #home
diff --git a/config/rootfiles/common/x86_64/stage2 b/config/rootfiles/common/x86_64/stage2
index 576d3f77b..5734b4542 100644
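Review bot: The comment in the new config/etc/sysctl-x86_64.conf names the wrong mechanism: `vm.mmap_rnd_bits` and `vm.mmap_rnd_compat_bits` set how many random bits go into the mmap base of user-space processes, which is ASLR, whereas KASLR randomises the kernel's own load address and is not influenced by either key. I would reword it to `# Raise user-space ASLR entropy for mmap (native and 32-bit compat tasks)`. As far as I know 32 and 16 are the largest values an x86_64 kernel accepts for these keys, which is presumably why they cannot stay in the shared sysctl.conf; saying so in the comment would explain why the file is architecture-specific.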
--- a/config/rootfiles/common/x86_64/stage2
+++ b/config/rootfiles/common/x86_64/stage2
@@ -42,6 +42,7 @@ etc/profile.d/umask.sh
 etc/resolv.conf
 etc/securetty
 etc/sysctl.conf
+etc/sysctl-x86_64.conf
 etc/syslog.conf
 etc/system-release
 #home
diff --git a/config/rootfiles/core/135/filelists/files b/config/rootfiles/core/135/filelists/files
index ec616e917..4c5fdce6c 100644
--- a/config/rootfiles/core/135/filelists/files
+++ b/config/rootfiles/core/135/filelists/files
@@ -9,6 +9,7 @@ etc/rc.d/init.d/functions
 etc/rc.d/init.d/leds
 etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/partresize
+etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/unbound
 etc/sysctl.conf
 usr/sbin/setup
diff --git a/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64 b/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64
new file mode 100644
index 000000000..0a9fd8a87
--- /dev/null
+++ b/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64
@@ -0,0 +1 @@
+etc/sysctl-x86_64.conf
diff --git a/src/initscripts/system/sysctl b/src/initscripts/system/sysctl
index 0d0b5c1b3..296d589c5 100644
--- a/src/initscripts/system/sysctl
+++ b/src/initscripts/system/sysctl
@@ -24,6 +24,18 @@ case "${1}" in
 sysctl -q -p
 evaluate_retval
 fi
+ arch=`uname -m`
+ case "${arch}" in
+ i?86 ) arch="i586";
+ ;;
+ armv*) arch="armv5tel":
+ ;;
+ esac
+ if [ -f "/etc/sysctl-${arch}.conf" ]; then
+ boot_mesg "Setting ${arch}-kernel runtime parameters..."
+ sysctl -q -p /etc/sysctl-${arch}.conf
+ evaluate_retval
+ fi
 ;;
 status)
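Review bot: The `armv*)` arm of the new `case` in src/initscripts/system/sysctl ends with `:` instead of `;`, so `arch` becomes `armv5tel:` and the following test looks for `/etc/sysctl-armv5tel:.conf`. Because a missing file is skipped without any message, an ARM settings file added later would silently never be loaded; the line should read `armv*) arch="armv5tel"`. I would also quote the path in `sysctl -q -p "/etc/sysctl-${arch}.conf"`, matching the `[ -f ... ]` test above it. The enclosing `case "${1}"` branch starts and ends outside the hunk.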