-rw-r--r--nonsystemd/openrc/PKGBUILD6
-rw-r--r--nonsystemd/openrc/sysctl.conf7
2 files changed, 11 insertions, 2 deletions
diff --git a/nonsystemd/openrc/PKGBUILD b/nonsystemd/openrc/PKGBUILD
index 52b8a777a..7de97f713 100644
--- a/nonsystemd/openrc/PKGBUILD
+++ b/nonsystemd/openrc/PKGBUILD
@@ -10,7 +10,7 @@ pkgbase=openrc
pkgname=('openrc' 'openrc-bash-completions' 'openrc-zsh-completions'
'openrc-init' 'openrc-sysvinit' 'openrc-net')
pkgver=0.42.1
-pkgrel=6
+pkgrel=7
pkgdesc="Gentoo's universal init system"
arch=('x86_64' 'i686' 'armv7h')
url="https://github.com/OpenRC/openrc"
@@ -36,7 +36,7 @@ sha256sums=('91a01ca6d930a0688fb91338209985de57cac7aa2d37feddacb78fd3d95308e2'
'7de1e65f48ba31fc015cfb77be167b41aabdf0f20cb6617ecf3f4c3ca434c9e8'
'a3fda2186e023ae60c0e0d3806ffeb95effe675acea03cdfd0bf30e8f1c188d4'
'28ec075d30096bd54499e994f76f8526460474f1e4c33607045c1a71b0684263'
- '4170bcf3655ff6fb32b35fc592a4294a64d25df98d2f0f09f467689ed1ad54ea'
+ '860d5b9ae60e13633bd94023c222fa1ef918a02db3ce2e3255cdd6bb9eef047e'
'28aa413fd78bca98bb23294eeb3f49149825a2c2f97a7ee10039385f5e8e50e9'
'3ecbe7761b92a123a5a3d395ec3d9e090b0dfba7910a5987b4a2298c20a7e571'
'addb1bf115b811fba3d120f5c68535ec07f32a55e570b661f1e5575f74327bac'
@@ -132,6 +132,8 @@ package_openrc() {
-i ${pkgdir}/etc/conf.d/agetty
# sysctl defaults
+ # upstream (systemd) default configuration can be found on github:
+ # https://raw.githubusercontent.com/systemd/systemd/master/sysctl.d/50-default.conf
install -m755 "${srcdir}"/sysctl.conf "${pkgdir}"/usr/lib/sysctl.d/50-default.conf
# pacman hooks
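Review bot: The reference URL added in the comment above the `install` line points at the `master` branch, so the linked file will drift from the local copy pinned by the `sha256sums` entry, and a later reader cannot tell which upstream revision this sysctl.conf was compared against. Pin the link to a release tag or commit, e.g. `# https://raw.githubusercontent.com/systemd/systemd/<TAG>/sysctl.d/50-default.conf`, where `<TAG>` is a placeholder for the revision actually consulted. Separately, the unchanged `install -m755` line installs a plain configuration file as executable; `-m644` would be the usual mode for a sysctl.d drop-in. That line is only context here, and the body of package_openrc extends outside the hunk.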
diff --git a/nonsystemd/openrc/sysctl.conf b/nonsystemd/openrc/sysctl.conf
index de238b937..e9df5c95a 100644
--- a/nonsystemd/openrc/sysctl.conf
+++ b/nonsystemd/openrc/sysctl.conf
@@ -19,6 +19,13 @@ net.ipv4.conf.all.accept_source_route = 0
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.all.promote_secondaries = 1
+# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
+# The upper limit is set to 2^31-1. Values greater than that get rejected by
+# the kernel because of this definition in linux/include/net/ping.h:
+# #define GID_T_MAX (((gid_t)~0U) >> 1)
+# That's not so bad because values between 2^31 and 2^32-1 are reserved on
+# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
+-net.ipv4.ping_group_range = 0 2147483647
# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel
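Review bot: The added `-net.ipv4.ping_group_range = 0 2147483647` line lets processes in every group create unprivileged ICMP echo sockets, and the new comment explains the upper bound but not that this is a system-wide widening of the kernel default. Since this file ships as a distribution default, I would add a line such as `# Allows any GID to open ICMP echo sockets; narrow the range in /etc/sysctl.d/ to restrict this.` so that administrators who harden hosts know the setting is meant to be overridable. The leading `-` makes a failed write silent, so where the kernel rejects or lacks the key, ping(8) presumably still depends on its file capability or setuid bit; it is worth confirming the ping package keeps that fallback. The note about GIDs reserved on systemd-based systems is carried over into a nonsystemd package, where that reservation may not apply.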