sysctl: add seperate sysctl-x86_64.conf and move x86_64 only parameters

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

diff --git a/config/etc/sysctl-x86_64.conf b/config/etc/sysctl-x86_64.conf
new file mode 100644 (file)
index 0000000..7384bed
--- /dev/null
+++ b/config/etc/sysctl-x86_64.conf
@@ -0,0 +1,3 @@
+# Improve KASLR effectiveness for mmap
+vm.mmap_rnd_bits = 32
+vm.mmap_rnd_compat_bits = 16

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 5a67f179550f719ef67dad90206b665db70740d1..9a943fffa886430d4d45078f19f5b3dbc796bbb6 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -45,10 +45,6 @@ kernel.kptr_restrict = 2
 # Avoid kernel memory address exposures via dmesg.
 kernel.dmesg_restrict = 1
 
-# Improve KASLR effectiveness for mmap
-vm.mmap_rnd_bits = 32
-vm.mmap_rnd_compat_bits = 16
-
 # Minimal preemption granularity for CPU-bound tasks:
 # (default: 1 msec#  (1 + ilog(ncpus)), units: nanoseconds)
 kernel.sched_min_granularity_ns = 10000000

diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 5999609eded0848e052cdf63cd2e84e64aa543c3..5b213c8dec9d48f453c907bac8857086c279afa9 100644 (file)
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -42,6 +42,7 @@ etc/profile.d/umask.sh
 etc/resolv.conf
 etc/securetty
 etc/sysctl.conf
+#etc/sysctl-x86_64.conf
 etc/syslog.conf
 etc/system-release
 #home

diff --git a/config/rootfiles/common/x86_64/stage2 b/config/rootfiles/common/x86_64/stage2
index 576d3f77b5d262bb2219a467f843aa4074149e8c..5734b454239d00ac00fcb54aea24dda576d61c1e 100644 (file)
--- a/config/rootfiles/common/x86_64/stage2
+++ b/config/rootfiles/common/x86_64/stage2
@@ -42,6 +42,7 @@ etc/profile.d/umask.sh
 etc/resolv.conf
 etc/securetty
 etc/sysctl.conf
+etc/sysctl-x86_64.conf
 etc/syslog.conf
 etc/system-release
 #home

diff --git a/config/rootfiles/core/135/filelists/files b/config/rootfiles/core/135/filelists/files
index ec616e917610ff88155c65d2f2d1e9ad1827dc31..4c5fdce6cc9c459e79d6d5547c3b7ebd8fe7129a 100644 (file)
--- a/config/rootfiles/core/135/filelists/files
+++ b/config/rootfiles/core/135/filelists/files
@@ -9,6 +9,7 @@ etc/rc.d/init.d/functions
 etc/rc.d/init.d/leds
 etc/rc.d/init.d/networking/red.down/05-remove-dns-forwarders
 etc/rc.d/init.d/partresize
+etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/unbound
 etc/sysctl.conf
 usr/sbin/setup

diff --git a/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64 b/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64
new file mode 100644 (file)
index 0000000..0a9fd8a
--- /dev/null
+++ b/config/rootfiles/core/135/filelists/x86_64/sysctl-x86_64
@@ -0,0 +1 @@
+etc/sysctl-x86_64.conf

diff --git a/src/initscripts/system/sysctl b/src/initscripts/system/sysctl
index 0d0b5c1b315cece73bca677a148ee8ef44ec5b7b..296d589c59574dae39c5523e9f061cf51f053277 100644 (file)
--- a/src/initscripts/system/sysctl
+++ b/src/initscripts/system/sysctl
@@ -24,6 +24,18 @@ case "${1}" in
                        sysctl -q -p
                        evaluate_retval
                fi
+               arch=`uname -m`
+               case "${arch}" in
+                       i?86 )  arch="i586";
+                               ;;
+                       armv*)  arch="armv5tel":
+                               ;;
+               esac
+               if [ -f "/etc/sysctl-${arch}.conf" ]; then
+                       boot_mesg "Setting ${arch}-kernel runtime parameters..."
+                       sysctl -q -p /etc/sysctl-${arch}.conf
+                       evaluate_retval
+               fi
                ;;
 
        status)