[arch-dev-public] [RFC] default sysctl settings
Tom Gundersen
teg at jklm.no
Mon Apr 1 15:19:43 EDT 2013
Hi guys,
As you may have noticed, systemd ships a default sysctl config file as
of v199 (/usr/lib/sysctl.d/50-default.conf). Rather than also ship an
Arch-specific one (/etc/sysctl.conf), should we try to unify the two?
I had a look at the differences:
1) kernel.sysrq:
We set it to 'off', systemd enables the sync command (which should be safe).
2) net.ipv4.ip_forward
We disable this, which is already the default in the kernel.
3) net.ipv4.tcp_syncookies
We enable this. Are we sure this is the right thing to do by default?
There appear to be lots of warnings about it.
4) net.ipv6.conf.all.forwarding
We disable this. It appears to be disabled by default, or am I reading it wrong?
In addition to these, systemd sets the following:
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
Are we happy with that?
Cheers,
Tom
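
Added example, not part of the original message or of either project's code: a key-by-key comparison of two sysctl.d-style files, which is the comparison the message does by hand. The file contents are constructed stand-ins built from the settings listed above; the function names are hypothetical, and the value 16 for kernel.sysrq (the kernel's sysrq bitmask bit for the sync command) is an assumption, since the message only says that sync is enabled.

```shell
# Added example: report keys that differ or exist in only one of two files.
# Skips blank lines and '#'/';' comments, trims whitespace around '=', and
# drops the leading '-' that marks a setting whose write errors are ignored.
sysctl_diff() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*$/    { next }
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = trim(substr($0, 1, eq - 1)); sub(/^-/, "", key)
            val = trim(substr($0, eq + 1))
            if (FILENAME == ARGV[1]) a[key] = val; else b[key] = val
            seen[key] = 1
        }
        END {
            for (k in seen) {
                if (!(k in b))         printf "only-first %s=%s\n", k, a[k]
                else if (!(k in a))    printf "only-second %s=%s\n", k, b[k]
                else if (a[k] != b[k]) printf "differs %s: %s -> %s\n", k, a[k], b[k]
            }
        }' "$1" "$2" | LC_ALL=C sort
}
# Constructed samples mirroring the settings listed in the message.
make_samples() {
    cat > "$1/arch.conf" <<'EOF'
# stand-in for /etc/sysctl.conf
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies=1
; forwarding stays off
net.ipv6.conf.all.forwarding = 0
EOF
    cat > "$1/systemd.conf" <<'EOF'
# stand-in for /usr/lib/sysctl.d/50-default.conf
# assumption: 16 is the sysrq bitmask value that permits only sync
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
EOF
}

dir=$(mktemp -d)
make_samples "$dir"
sysctl_diff "$dir/arch.conf" "$dir/systemd.conf"
```

On the samples, only kernel.sysrq is reported as differing; every other key appears in just one of the two files, so dropping one file silently drops those settings unless the kernel default already matches.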