From d7508166bfb5121e33aa2cb5eb4429419db31474 Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Tue, 10 Jan 2017 11:40:36 +0000
Subject: [PATCH] Combine sysctl configs
Where the suggestions came from is not that useful, just have a single file for the main ones and then distro specific versions.
Signed-off-by: Justin Cormack
---
 alpine/etc/sysctl.d/01-moby.conf | 12 +++++++++++-
 alpine/etc/sysctl.d/02-lynis.conf | 6 ------
 alpine/etc/sysctl.d/03-kspp.conf | 2 --
 3 files changed, 11 insertions(+), 9 deletions(-)
 delete mode 100644 alpine/etc/sysctl.d/02-lynis.conf
 delete mode 100644 alpine/etc/sysctl.d/03-kspp.conf
diff --git a/alpine/etc/sysctl.d/01-moby.conf b/alpine/etc/sysctl.d/01-moby.conf
index 6d1f80454..c12355ac1 100644
--- a/alpine/etc/sysctl.d/01-moby.conf
+++ b/alpine/etc/sysctl.d/01-moby.conf
@@ -1,3 +1,4 @@
+# general limits
 vm.max_map_count = 262144
 vm.overcommit_memory = 1
 net.core.somaxconn = 1024
@@ -7,4 +8,13 @@ net.ipv4.neigh.default.gc_thresh3 = 32768
 fs.aio-max-nr = 1048576
 fs.inotify.max_user_watches = 524288
 fs.file-max = 524288
-kernel.random.write_wakeup_threshold = 3072
\ No newline at end of file
+# for rngd
+kernel.random.write_wakeup_threshold = 3072
+# security restrictions
+kernel.kptr_restrict = 2
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv6.conf.all.accept_redirects = 0
+net.ipv6.conf.default.accept_redirects = 0
+kernel.perf_event_paranoid = 3
diff --git a/alpine/etc/sysctl.d/02-lynis.conf b/alpine/etc/sysctl.d/02-lynis.conf
deleted file mode 100644
index 276150e1e..000000000
--- a/alpine/etc/sysctl.d/02-lynis.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-kernel.kptr_restrict = 2
-net.ipv4.conf.all.send_redirects = 0
-net.ipv4.conf.default.accept_redirects = 0
-net.ipv4.conf.default.accept_source_route = 0
-net.ipv6.conf.all.accept_redirects = 0
-net.ipv6.conf.default.accept_redirects = 0
\ No newline at end of file
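Review bot: The merged "security restrictions" block in 01-moby.conf carries over `kernel.perf_event_paranoid = 3` from 03-kspp.conf but silently drops `kernel.yama.ptrace_scope = 1`, which the deleted 03-kspp.conf hunk also set, so the combined file is weaker than the three files it replaces. Unless the ptrace restriction was meant to go, add `kernel.yama.ptrace_scope = 1` after the `kernel.perf_event_paranoid = 3` line, or say in the commit message why it was removed. A smaller asymmetry in the same block: IPv6 sets both `all` and `default` for accept_redirects, but IPv4 only sets `default.accept_redirects` and `default.accept_source_route`; since `default.*` applies to interfaces created after the sysctl runs while `all.*` governs existing ones, adding `net.ipv4.conf.all.accept_redirects = 0` and `net.ipv4.conf.all.accept_source_route = 0` would make the IPv4 hardening match. Since this file is now the only place these values live, a one-line comment per group naming what the setting protects (e.g. `# hide kernel pointers from unprivileged readers`) would help the next editor more than the generic "security restrictions" header.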
diff --git a/alpine/etc/sysctl.d/03-kspp.conf b/alpine/etc/sysctl.d/03-kspp.conf
deleted file mode 100644
index 76c9e7a86..000000000
--- a/alpine/etc/sysctl.d/03-kspp.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-kernel.perf_event_paranoid = 3
-kernel.yama.ptrace_scope = 1
\ No newline at end of file