[arch-dev-public] [RFC] default sysctl settings

Rashif Ray Rahman schiv at archlinux.org
Mon Apr 1 17:22:39 EDT 2013


On 2 April 2013 03:19, Tom Gundersen <teg at jklm.no> wrote:
> Hi guys,
>
> As you may have noticed systemd ships a default sysctl config file as
> of v199 (/usr/lib/sysctl.d/50-default.conf). Rather than also ship an
> Arch-specific one (/etc/sysctl.conf), should we try to unify the two?
>
> I had a look at the differences:
>
> 1) kernel.sysrq:
>
> We set it to 'off', systemd enables the sync command (which should be safe).
>
> 2) net.ipv4.ip_forward
>
> We disable this, which is already the default in the kernel.
>
> 3) net.ipv4.tcp_syncookies
>
> We enable this. Are we sure this is the right thing to do by default?
> There appear to be lots of warnings about it.
>
> 4) net.ipv6.conf.all.forwarding
>
> We disable this. It appears to be disabled by default, or am I reading it wrong?
>
> In addition to these, systemd sets the following:
>
> kernel.core_uses_pid = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> fs.protected_hardlinks = 1
> fs.protected_symlinks = 1
>
> Are we happy with that?

Those should be saner defaults, so +1 (until we get reports,
complaints and stuff).


--
GPG/PGP ID: C0711BF1
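
An added example, not part of the thread and not Arch or systemd code: a shell function that checks the running kernel against a sysctl.d-style fragment, using the five settings quoted above as input. The function names `systemd_defaults` and `audit_sysctl` and the optional root-directory argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare kernel parameters with a
# sysctl.d-style fragment and report every key that differs.

# The five settings listed in the quoted message.
systemd_defaults() {
    cat <<'EOF'
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
EOF
}

# audit_sysctl FRAGMENT [ROOT]   (hypothetical helper)
# ROOT defaults to /proc/sys; another directory can be passed for testing.
# Prints one line per mismatch; returns 0 if all keys match, 1 otherwise.
# Keys whose interface name itself contains a dot are not handled.
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                      # key = value
            *) continue ;;               # not an assignment
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//')
        # sysctl keys map to paths under /proc/sys with '.' replaced by '/'.
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key: expected=$want"
            rc=1
            continue
        fi
        have=$(cat "$path")
        if [ "$have" != "$want" ]; then
            echo "DIFF $key: running=$have expected=$want"
            rc=1
        fi
    done < "$conf"
    return $rc
}

# Example: systemd_defaults > /tmp/50-default.conf && audit_sysctl /tmp/50-default.conf
```

A `MISSING` line means the running kernel does not expose that key at all, which is worth distinguishing from a value that was merely overridden.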
