[arch-dev-public] [RFC] default sysctl settings

Tom Gundersen teg at jklm.no
Mon Apr 1 15:19:43 EDT 2013


Hi guys,

As you may have noticed systemd ships a default sysctl config file as
of v199 (/usr/lib/sysctl.d/50-default.conf). Rather than also ship an
Arch-specific one (/etc/sysctl.conf), should we try to unify the two?

I had a look a the differences:

1) kernel.sysrq:

We set it to 'off', systemd enables the sync command (which should be safe).

2) net.ipv4.ip_forward

We disable this, which is already the default in the kernel.

3) net.ipv4.tcp_syncookies

We enable this. Are we sure this is the right thing to do by default?
There appears to be lots of warnings about it.

4) net.ipv6.conf.all.forwarding

We disable this. It appears to be disabled by default, or am I reading it wrong?

In addition to these, systemd sets the following:

kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
fs.protected_hardlinks = 1
fs.protected_symlinks = 1

Are we happy with that?

Cheers,

Tom


More information about the arch-dev-public mailing list