This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, next has been updated via 10dd2afd6d339247e5c918f53d1a7fcbb5c43ddb (commit) from c0f4a530348101f7f75b4282471a1388fa1622e8 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit 10dd2afd6d339247e5c918f53d1a7fcbb5c43ddb Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Aug 8 09:30:49 2019 +0200

sysctl: add seperate sysctl-x86_64.conf and move x86_64 only parameters

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

-----------------------------------------------------------------------

Summary of changes: config/etc/sysctl-x86_64.conf | 3 +++ config/etc/sysctl.conf | 4 ---- config/rootfiles/common/stage2 | 1 + config/rootfiles/common/x86_64/stage2 | 1 + config/rootfiles/core/135/filelists/files | 1 + config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64 | 1 + src/initscripts/system/sysctl | 12 ++++++++++++ 7 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 config/etc/sysctl-x86_64.conf create mode 100644 config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64

Difference in files: diff --git a/config/etc/sysctl-x86_64.conf b/config/etc/sysctl-x86_64.conf new file mode 100644 index 000000000..7384bed51 --- /dev/null +++ b/config/etc/sysctl-x86_64.conf @@ -0,0 +1,3 @@ +# Improve KASLR effectiveness for mmap +vm.mmap_rnd_bits = 32 +vm.mmap_rnd_compat_bits = 16 diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 5a67f1795..9a943fffa 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -45,10 +45,6 @@ kernel.kptr_restrict = 2 # Avoid kernel memory address exposures via dmesg. kernel.dmesg_restrict = 1

-# Improve KASLR effectiveness for mmap -vm.mmap_rnd_bits = 32 -vm.mmap_rnd_compat_bits = 16 - # Minimal preemption granularity for CPU-bound tasks: # (default: 1 msec# (1 + ilog(ncpus)), units: nanoseconds) kernel.sched_min_granularity_ns = 10000000 diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2 index 5999609ed..5b213c8de 100644 --- a/config/rootfiles/common/stage2 +++ b/config/rootfiles/common/stage2 @@ -42,6 +42,7 @@ etc/profile.d/umask.sh etc/resolv.conf etc/securetty etc/sysctl.conf +#etc/sysctl-x86_64.conf etc/syslog.conf etc/system-release #home diff --git a/config/rootfiles/common/x86_64/stage2 b/config/rootfiles/common/x86_64/stage2 index 576d3f77b..5734b4542 100644 --- a/config/rootfiles/common/x86_64/stage2 +++ b/config/rootfiles/common/x86_64/stage2 @@ -42,6 +42,7 @@ etc/profile.d/umask.sh etc/resolv.conf etc/securetty etc/sysctl.conf +etc/sysctl-x86_64.conf etc/syslog.conf etc/system-release #home diff --git a/config/rootfiles/core/135/filelists/files b/config/rootfiles/core/135/filelists/files index ec616e917..4c5fdce6c 100644 --- a/config/rootfiles/core/135/filelists/files +++ b/config/rootfiles/core/135/filelists/files @@ -9,6 +9,7 @@ etc/rc.d/init.d/functions etc/rc.d/init.d/leds etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders etc/rc.d/init.d/partresize +etc/rc.d/init.d/sysctl etc/rc.d/init.d/unbound etc/sysctl.conf usr/sbin/setup diff --git a/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64 b/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64 new file mode 100644 index 000000000..0a9fd8a87 --- /dev/null +++ b/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64 @@ -0,0 +1 @@ +etc/sysctl-x86_64.conf diff --git a/src/initscripts/system/sysctl b/src/initscripts/system/sysctl index 0d0b5c1b3..296d589c5 100644 --- a/src/initscripts/system/sysctl +++ b/src/initscripts/system/sysctl @@ -24,6 +24,18 @@ case "${1}" in sysctl -q -p evaluate_retval fi + arch=`uname -m` + case "${arch}" in + i?86 ) arch="i586"; + ;; + armv*) arch="armv5tel": + ;; + esac + if [ -f "/etc/sysctl-${arch}.conf" ]; then + boot_mesg "Setting ${arch}-kernel runtime parameters..." + sysctl -q -p /etc/sysctl-${arch}.conf + evaluate_retval + fi ;;

status)

hooks/post-receive -- IPFire 2.x development tree