From: Arne Fitzenreiter
Date: Thu, 8 Aug 2019 07:30:49 +0000 (+0200)
Subject: sysctl: add seperate sysctl-x86_64.conf and move x86_64 only parameters
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=10dd2afd6d339247e5c918f53d1a7fcbb5c43ddb;p=people%2Fstevee%2Fipfire-2.x.git
sysctl: add seperate sysctl-x86_64.conf and move x86_64 only parameters
Signed-off-by: Arne Fitzenreiter
---
diff --git a/config/etc/sysctl-x86_64.conf b/config/etc/sysctl-x86_64.conf
new file mode 100644
index 0000000000..7384bed513
--- /dev/null
+++ b/config/etc/sysctl-x86_64.conf
@@ -0,0 +1,3 @@
+# Improve KASLR effectiveness for mmap
+vm.mmap_rnd_bits = 32
+vm.mmap_rnd_compat_bits = 16
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 5a67f17955..9a943fffa8 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -45,10 +45,6 @@ kernel.kptr_restrict = 2
 # Avoid kernel memory address exposures via dmesg.
 kernel.dmesg_restrict = 1
-# Improve KASLR effectiveness for mmap
-vm.mmap_rnd_bits = 32
-vm.mmap_rnd_compat_bits = 16
-
 # Minimal preemption granularity for CPU-bound tasks:
 # (default: 1 msec# (1 + ilog(ncpus)), units: nanoseconds)
 kernel.sched_min_granularity_ns = 10000000
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 5999609ede..5b213c8dec 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -42,6 +42,7 @@ etc/profile.d/umask.sh
 etc/resolv.conf
 etc/securetty
 etc/sysctl.conf
+#etc/sysctl-x86_64.conf
 etc/syslog.conf
 etc/system-release
 #home
diff --git a/config/rootfiles/common/x86_64/stage2 b/config/rootfiles/common/x86_64/stage2
index 576d3f77b5..5734b45423 100644
--- a/config/rootfiles/common/x86_64/stage2
+++ b/config/rootfiles/common/x86_64/stage2
@@ -42,6 +42,7 @@ etc/profile.d/umask.sh
 etc/resolv.conf
 etc/securetty
 etc/sysctl.conf
+etc/sysctl-x86_64.conf
 etc/syslog.conf
 etc/system-release
 #home
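Review bot: The comment carried into the new config/etc/sysctl-x86_64.conf says KASLR, but `vm.mmap_rnd_bits` and `vm.mmap_rnd_compat_bits` set the number of random bits in the mmap base of user-space processes (native and 32-bit compat). That is user-space ASLR, not kernel address randomisation. I would reword it to `# Raise mmap ASLR entropy for 64-bit and 32-bit compat processes (x86_64 maximums)`. Noting that 32 and 16 are the upper limits the x86_64 kernel accepts also explains why the file has to be architecture-specific.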
diff --git a/config/rootfiles/core/135/filelists/files b/config/rootfiles/core/135/filelists/files
index ec616e9176..4c5fdce6cc 100644
--- a/config/rootfiles/core/135/filelists/files
+++ b/config/rootfiles/core/135/filelists/files
@@ -9,6 +9,7 @@ etc/rc.d/init.d/functions
 etc/rc.d/init.d/leds
 etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/partresize
+etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/unbound
 etc/sysctl.conf
 usr/sbin/setup
diff --git a/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64 b/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64
new file mode 100644
index 0000000000..0a9fd8a876
--- /dev/null
+++ b/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64
@@ -0,0 +1 @@
+etc/sysctl-x86_64.conf
diff --git a/src/initscripts/system/sysctl b/src/initscripts/system/sysctl
index 0d0b5c1b31..296d589c59 100644
--- a/src/initscripts/system/sysctl
+++ b/src/initscripts/system/sysctl
@@ -24,6 +24,18 @@ case "${1}" in
 sysctl -q -p
 evaluate_retval
 fi
+ arch=`uname -m`
+ case "${arch}" in
+ i?86 ) arch="i586";
+ ;;
+ armv*) arch="armv5tel":
+ ;;
+ esac
+ if [ -f "/etc/sysctl-${arch}.conf" ]; then
+ boot_mesg "Setting ${arch}-kernel runtime parameters..."
+ sysctl -q -p /etc/sysctl-${arch}.conf
+ evaluate_retval
+ fi
 ;;
 status)
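Review bot: In src/initscripts/system/sysctl the `armv*)` branch ends its assignment with a colon instead of a semicolon, so the shell stores `armv5tel:` in `arch` and the following test looks for `/etc/sysctl-armv5tel:.conf`, which a file named for that architecture will never match. The line should read `armv*) arch="armv5tel";`. When no `/etc/sysctl-${arch}.conf` exists the block is skipped without any message, and this commit ships only the x86_64 file, so the mmap randomisation settings removed from sysctl.conf are no longer set explicitly on the other architectures. If that is intended, a comment such as `# no arch-specific file: kernel defaults apply` above the `if` would make it clear. The enclosing `case "${1}" in` and its start branch begin and end outside this hunk.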