[thirdparty/systemd.git] / sysctl.d / 50-default.conf

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See sysctl.d(5) and core(5) for documentation.

# To override settings in this file, create a local file in /etc
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
# there.

# System Request functionality of the kernel (SYNC)
#
# Use kernel.sysrq = 1 to allow all keys.
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for a list
# of values and keys.
kernel.sysrq = 16

# Append the PID to the core filename
kernel.core_uses_pid = 1

# Source route verification
net.ipv4.conf.all.rp_filter = 2

# Do not accept source routing
net.ipv4.conf.all.accept_source_route = 0

# Promote secondary addresses when the primary address is removed
net.ipv4.conf.all.promote_secondaries = 1

# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
# The upper limit is set to 2^31-1. Values greater than that get rejected by
# the kernel because of this definition in linux/include/net/ping.h:
#   #define GID_T_MAX (((gid_t)~0U) >> 1)
# That's not so bad because values between 2^31 and 2^32-1 are reserved on
# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
-net.ipv4.ping_group_range = 0 2147483647

# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel

# Enable hard and soft link protection
fs.protected_hardlinks = 1
fs.protected_symlinks = 1

# Enable regular file and FIFO protection
fs.protected_regular = 1
fs.protected_fifos = 1
Commit	Line	Data
8f27a221 KS	1	# This file is part of systemd.
	2	#
	3	# systemd is free software; you can redistribute it and/or modify it
	4	# under the terms of the GNU Lesser General Public License as published by
	5	# the Free Software Foundation; either version 2.1 of the License, or
	6	# (at your option) any later version.
	7
61233823	8	# See sysctl.d(5) and core(5) for documentation.
16b65d7f ZJS	9
	10	# To override settings in this file, create a local file in /etc
	11	# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
	12	# there.
8f27a221	13
0f59fe51	14	# System Request functionality of the kernel (SYNC)
16b65d7f ZJS	15	#
16b65d7f ZJS	16	# Use kernel.sysrq = 1 to allow all keys.
bd9bb4ca PK	17	# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for a list
bd9bb4ca PK	18	# of values and keys.
0f59fe51 KS	19	kernel.sysrq = 16
0f59fe51 KS	20
8f27a221 KS	21	# Append the PID to the core filename
	22	kernel.core_uses_pid = 1
	23
	24	# Source route verification
230450d4	25	net.ipv4.conf.all.rp_filter = 2
8f27a221 KS	26
8f27a221 KS	27	# Do not accept source routing
1836bf9e	28	net.ipv4.conf.all.accept_source_route = 0
8f27a221	29
ad8bc9ea	30	# Promote secondary addresses when the primary address is removed
1836bf9e	31	net.ipv4.conf.all.promote_secondaries = 1
ad8bc9ea	32
0338934f LP	33	# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
	34	# The upper limit is set to 2^31-1. Values greater than that get rejected by
	35	# the kernel because of this definition in linux/include/net/ping.h:
	36	# #define GID_T_MAX (((gid_t)~0U) >> 1)
	37	# That's not so bad because values between 2^31 and 2^32-1 are reserved on
	38	# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
000500c9	39	-net.ipv4.ping_group_range = 0 2147483647
0338934f	40
e6c253e3 MS	41	# Fair Queue CoDel packet scheduler to fight bufferbloat
	42	net.core.default_qdisc = fq_codel
	43
8f27a221 KS	44	# Enable hard and soft link protection
	45	fs.protected_hardlinks = 1
	46	fs.protected_symlinks = 1
27325875 LW	47
	48	# Enable regular file and FIFO protection
	49	fs.protected_regular = 1
	50	fs.protected_fifos = 1