-rw-r--r-- | nonsystemd/openrc/PKGBUILD | 6 | ||||
-rw-r--r-- | nonsystemd/openrc/sysctl.conf | 7 |
2 files changed, 11 insertions, 2 deletions
diff --git a/nonsystemd/openrc/PKGBUILD b/nonsystemd/openrc/PKGBUILD index 52b8a777a..7de97f713 100644 --- a/nonsystemd/openrc/PKGBUILD +++ b/nonsystemd/openrc/PKGBUILD @@ -10,7 +10,7 @@ pkgbase=openrc pkgname=('openrc' 'openrc-bash-completions' 'openrc-zsh-completions' 'openrc-init' 'openrc-sysvinit' 'openrc-net') pkgver=0.42.1 -pkgrel=6 +pkgrel=7 pkgdesc="Gentoo's universal init system" arch=('x86_64' 'i686' 'armv7h') url="https://github.com/OpenRC/openrc" @@ -36,7 +36,7 @@ sha256sums=('91a01ca6d930a0688fb91338209985de57cac7aa2d37feddacb78fd3d95308e2' '7de1e65f48ba31fc015cfb77be167b41aabdf0f20cb6617ecf3f4c3ca434c9e8' 'a3fda2186e023ae60c0e0d3806ffeb95effe675acea03cdfd0bf30e8f1c188d4' '28ec075d30096bd54499e994f76f8526460474f1e4c33607045c1a71b0684263' - '4170bcf3655ff6fb32b35fc592a4294a64d25df98d2f0f09f467689ed1ad54ea' + '860d5b9ae60e13633bd94023c222fa1ef918a02db3ce2e3255cdd6bb9eef047e' '28aa413fd78bca98bb23294eeb3f49149825a2c2f97a7ee10039385f5e8e50e9' '3ecbe7761b92a123a5a3d395ec3d9e090b0dfba7910a5987b4a2298c20a7e571' 'addb1bf115b811fba3d120f5c68535ec07f32a55e570b661f1e5575f74327bac' @@ -132,6 +132,8 @@ package_openrc() { -i ${pkgdir}/etc/conf.d/agetty # sysctl defaults + # upstream (systemd) default configuration can be found on github: + # https://raw.githubusercontent.com/systemd/systemd/master/sysctl.d/50-default.conf install -m755 "${srcdir}"/sysctl.conf "${pkgdir}"/usr/lib/sysctl.d/50-default.conf # pacman hooks diff --git a/nonsystemd/openrc/sysctl.conf b/nonsystemd/openrc/sysctl.conf index de238b937..e9df5c95a 100644 --- a/nonsystemd/openrc/sysctl.conf +++ b/nonsystemd/openrc/sysctl.conf 
@@ -19,6 +19,13 @@ net.ipv4.conf.all.accept_source_route = 0 # Promote secondary addresses when the primary address is removed net.ipv4.conf.all.promote_secondaries = 1 +# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW +# The upper limit is set to 2^31-1. Values greater than that get rejected by +# the kernel because of this definition in linux/include/net/ping.h: +# #define GID_T_MAX (((gid_t)~0U) >> 1) +# That's not so bad because values between 2^31 and 2^32-1 are reserved on +# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary +-net.ipv4.ping_group_range = 0 2147483647 # Fair Queue CoDel packet scheduler to fight bufferbloat net.core.default_qdisc = fq_codel |
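Review bot: The added `-net.ipv4.ping_group_range = 0 2147483647` line opens unprivileged ICMP datagram sockets to every GID, service accounts included, and the comment block above it explains the upper bound but not that scope or the leading `-`. This only reduces privilege if the shipped ping binary no longer carries setuid or a `cap_net_raw` file capability, which this diff does not show; otherwise it adds kernel surface without removing any. I would add two comment lines such as `# Applies to all GIDs (0..2^31-1), including service accounts; narrow the range to restrict ICMP sockets.` and `# Leading "-": a failure to set the key (e.g. kernel without ping sockets) is ignored.` It is also worth confirming that the sysctl implementation run by the OpenRC service accepts the `-` prefix, since the file is modelled on systemd's defaults.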