Merge pull request #980 from justincormack/sysctl-rational

Combine sysctl configs
2025-07-24 19:28:09 +00:00 · 2017-01-10 16:08:15 +00:00 · 2017-01-10 16:08:15 +00:00 · 495dcf63c5
commit 495dcf63c5
parent 00d7656a29 d7508166bf
3 changed files with 11 additions and 9 deletions
--- a/alpine/etc/sysctl.d/01-moby.conf
+++ b/alpine/etc/sysctl.d/01-moby.conf
@ -1,3 +1,4 @@
+# general limits
 vm.max_map_count = 262144
 vm.overcommit_memory = 1
 net.core.somaxconn = 1024
@ -7,4 +8,13 @@ net.ipv4.neigh.default.gc_thresh3 = 32768
 fs.aio-max-nr = 1048576
 fs.inotify.max_user_watches = 524288
 fs.file-max = 524288
-kernel.random.write_wakeup_threshold = 3072
+# for rngd
+kernel.random.write_wakeup_threshold = 3072
+# security restrictions
+kernel.kptr_restrict = 2
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv6.conf.all.accept_redirects = 0
+net.ipv6.conf.default.accept_redirects = 0
+kernel.perf_event_paranoid = 3
--- a/alpine/etc/sysctl.d/02-lynis.conf
+++ b/alpine/etc/sysctl.d/02-lynis.conf
@ -1,6 +0,0 @@
-kernel.kptr_restrict = 2
-net.ipv4.conf.all.send_redirects = 0
-net.ipv4.conf.default.accept_redirects = 0
-net.ipv4.conf.default.accept_source_route = 0
-net.ipv6.conf.all.accept_redirects = 0
-net.ipv6.conf.default.accept_redirects = 0
--- a/alpine/etc/sysctl.d/03-kspp.conf
+++ b/alpine/etc/sysctl.d/03-kspp.conf
@ -1,2 +0,0 @@
-kernel.perf_event_paranoid = 3
-kernel.yama.ptrace_scope = 1