diff --git a/blueprints/docker-for-mac/base.yml b/blueprints/docker-for-mac/base.yml index bde117d88..b05d84c9f 100644 --- a/blueprints/docker-for-mac/base.yml +++ b/blueprints/docker-for-mac/base.yml @@ -12,7 +12,7 @@ onboot: - name: metadata image: linuxkit/metadata:f5d4299909b159db35f72547e4ae70bd76c42c6c - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: sysfs image: linuxkit/sysfs:006a65b30cfdd9d751d7ab042fde7eca2c3bc9dc - name: binfmt diff --git a/examples/aws.yml b/examples/aws.yml index 06cee4668..3e468fe2b 100644 --- a/examples/aws.yml +++ b/examples/aws.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/azure.yml b/examples/azure.yml index 22a36de40..47a76a564 100644 --- a/examples/azure.yml +++ b/examples/azure.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb services: - name: rngd image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b diff --git a/examples/docker.yml b/examples/docker.yml index 4ca654b46..9ea6939a2 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: sysfs image: linuxkit/sysfs:006a65b30cfdd9d751d7ab042fde7eca2c3bc9dc - name: binfmt diff --git a/examples/gcp.yml b/examples/gcp.yml index cd64df298..3369f7518 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/getty.yml b/examples/getty.yml index b183613b1..22bd283b8 100644 --- a/examples/getty.yml +++ b/examples/getty.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/packet.yml b/examples/packet.yml index 14785f245..4636583c1 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb services: - name: rngd image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b diff --git a/examples/sshd.yml b/examples/sshd.yml index 588ad85c2..077822ca6 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb services: - name: getty image: linuxkit/getty:58620cff1b0bf8b5d144d087602115e996f18a02 diff --git a/examples/swap.yml b/examples/swap.yml index 0546ebfd9..c16f5400d 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/tpm.yml b/examples/tpm.yml index e190c246a..35d4706d6 100644 --- a/examples/tpm.yml +++ b/examples/tpm.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: dhcpcd image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/vmware.yml b/examples/vmware.yml index b05b54286..fee94073c 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb services: - name: getty image: linuxkit/getty:58620cff1b0bf8b5d144d087602115e996f18a02 diff --git a/examples/vultr.yml b/examples/vultr.yml index 38e665d67..59b5a4f65 100644 --- a/examples/vultr.yml +++ b/examples/vultr.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/linuxkit.yml b/linuxkit.yml index 59f46234e..acef373ad 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: binfmt image: linuxkit/binfmt:257b5174a8e33bc62d5448cc026d72cae3713628 - name: dhcpcd diff --git a/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf b/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf index bb59b989c..fb4fb4e82 100644 --- a/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf +++ b/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf @@ -13,8 +13,6 @@ net.ipv4.neigh.default.gc_thresh3 = 32768 fs.aio-max-nr = 1048576 fs.inotify.max_user_watches = 524288 fs.file-max = 524288 -# for rngd -kernel.random.write_wakeup_threshold = 3072 # security restrictions kernel.kptr_restrict = 2 net.ipv4.conf.all.send_redirects = 0 diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml index 9b14569e7..b59d4863c 100644 --- a/projects/compose/compose-dynamic.yml +++ b/projects/compose/compose-dynamic.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: sysfs image: linuxkit/sysfs:006a65b30cfdd9d751d7ab042fde7eca2c3bc9dc - name: dhcpcd diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml index a9b4a55f1..1716a4e5b 100644 --- a/projects/compose/compose-static.yml +++ b/projects/compose/compose-static.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: sysfs image: linuxkit/sysfs:006a65b30cfdd9d751d7ab042fde7eca2c3bc9dc - name: dhcpcd diff --git a/projects/etcd/etcd.yml b/projects/etcd/etcd.yml index 2bcaf8687..fa7e72877 100644 --- a/projects/etcd/etcd.yml +++ b/projects/etcd/etcd.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: format image: linuxkit/format:efafddf9bc6165b5efaf09c532c15a1100a10e61 - name: mount diff --git a/projects/etcd/prom-us-central1-f.yml b/projects/etcd/prom-us-central1-f.yml index 8633bc0f2..7976dd665 100644 --- a/projects/etcd/prom-us-central1-f.yml +++ b/projects/etcd/prom-us-central1-f.yml @@ -8,7 +8,7 @@ init: - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/projects/ima-namespace/ima-namespace.yml b/projects/ima-namespace/ima-namespace.yml index cf087d2be..0717a1e74 100644 --- a/projects/ima-namespace/ima-namespace.yml +++ b/projects/ima-namespace/ima-namespace.yml @@ -9,7 +9,7 @@ init: - linuxkit/ima-utils:dfeb3896fd29308b80ff9ba7fe5b8b767e40ca29 onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: binfmt image: linuxkit/binfmt:257b5174a8e33bc62d5448cc026d72cae3713628 - name: dhcpcd diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index 37735197b..5189087ea 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: sysfs image: linuxkit/sysfs:006a65b30cfdd9d751d7ab042fde7eca2c3bc9dc - name: binfmt diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index 5cab557b2..010edd0c7 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: sysfs image: linuxkit/sysfs:006a65b30cfdd9d751d7ab042fde7eca2c3bc9dc - name: binfmt diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index bd7fc7c4c..4ced0ffd6 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml @@ -9,7 +9,7 @@ init: - linuxkit/memlogd:9b5834189f598f43c507f6938077113906f51012 onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: binfmt image: linuxkit/binfmt:257b5174a8e33bc62d5448cc026d72cae3713628 - name: dhcpcd diff --git a/projects/miragesdk/examples/fdd.yml b/projects/miragesdk/examples/fdd.yml index bba83e882..4508d6020 100644 --- a/projects/miragesdk/examples/fdd.yml +++ b/projects/miragesdk/examples/fdd.yml @@ -9,7 +9,7 @@ init: - samoht/fdd onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb services: - name: getty image: linuxkit/getty:58620cff1b0bf8b5d144d087602115e996f18a02 diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index a79d27932..3f7834fdd 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:8fc87b7f465bde9ece781899a007f47b6d3c096b onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: dhcp-client image: miragesdk/dhcp-client:22aa9d527820534295a8cd59901c0c5197af6585 net: host diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index 2b6202d76..a6ae93f7d 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb services: - name: rngd image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b diff --git a/projects/shiftfs/shiftfs.yml b/projects/shiftfs/shiftfs.yml index 47e2f97ee..3b04d9c52 100644 --- a/projects/shiftfs/shiftfs.yml +++ b/projects/shiftfs/shiftfs.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: binfmt image: linuxkit/binfmt:257b5174a8e33bc62d5448cc026d72cae3713628 - name: dhcpcd diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index 888767eae..2bce5b8b4 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb binds: - /etc/sysctl.d/01-swarmd.conf:/etc/sysctl.d/01-swarmd.conf - name: dhcpcd diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml index f8917a20b..e54dad0d4 100644 --- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml +++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: sysfs image: linuxkit/sysfs:006a65b30cfdd9d751d7ab042fde7eca2c3bc9dc - name: binfmt diff --git a/test/cases/040_packages/003_containerd/test-containerd.yml b/test/cases/040_packages/003_containerd/test-containerd.yml index 7c26e7b72..389ccfc28 100644 --- a/test/cases/040_packages/003_containerd/test-containerd.yml +++ b/test/cases/040_packages/003_containerd/test-containerd.yml @@ -11,7 +11,7 @@ onboot: image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: test image: linuxkit/test-containerd:dd3f2ba599c70994ba875e7c86c04df2967e3144 - name: poweroff diff --git a/test/cases/040_packages/019_sysctl/test-sysctl.yml b/test/cases/040_packages/019_sysctl/test-sysctl.yml index 9d9987a1f..2663a3e74 100644 --- a/test/cases/040_packages/019_sysctl/test-sysctl.yml +++ b/test/cases/040_packages/019_sysctl/test-sysctl.yml @@ -6,7 +6,7 @@ init: - linuxkit/runc:f5960b83a8766ae083efc744fa63dbf877450e4f onboot: - name: sysctl - image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0 + image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb - name: test image: alpine:3.6 net: host