github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-12-16 01:43:25 +00:00
Code Issues Projects Releases Wiki Activity
2,169 Commits 1 Branch 31 Tags
c93c7cf4330cb6d3b7c4b50849e5596e3e66a53b
Commit Graph

13 Commits

Author SHA1 Message Date
Riyaz Faizullabhoy
3cf8ac1c95 Add fs link protection sysctls 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2017-01-18 15:20:40 +00:00
Justin Cormack
83a9cf6622 Combine sysctl configs 
Where the suggestions came from is not that useful, just have a
single file for the main ones and then distro specific versions.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-01-10 11:40:36 +00:00
Riyaz Faizullabhoy
fe62e3eed8 Add kspp recommended sysctl settings 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-12-22 10:00:22 -08:00
Riyaz Faizullabhoy
1b98dbb6e2 Only disable sysrq for cloud editions 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-12-16 09:24:34 -08:00
Riyaz Faizullabhoy
2e8a6143dd Disable kexec from kernel_config, revert sysctl config because key is now unknown 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-12-07 11:43:10 -08:00
Riyaz Faizullabhoy
0b4f1ab5f4 Disable kexec load in sysctl config 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-12-05 09:26:17 -08:00
Justin Cormack
bf1c21e045 Run rngd inside a system container 
- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-12-02 14:00:12 +00:00
Riyaz Faizullabhoy
fdffacd809 Add sysctl changes as suggested by lynis 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-12-01 15:41:57 -08:00
Riyaz Faizullabhoy
0a265fa521 Disable kernel modules for cloud editions from moby by checking in 
a modified sysctl init with a cloud config

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-11-28 15:40:02 -08:00
Justin Cormack
248a3c39f9 Increase neighbor cache threshold values 
Needed for larger clusters.

Needed for https://github.com/docker/editions/issues/377

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-28 22:25:36 +01:00
Justin Cormack
b9273e5549 Support memory overcommit 
One less complaint in Redis startup.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-05 11:46:58 +02:00
Justin Cormack
0847d0419e Increase default fs.aio-max-nr 
As recommended by Oracle for MySQL.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-09-19 23:38:26 +01:00
Justin Cormack
c0579f4b83 Add default sysfs settings 
This uses the new Alpine sysfs.conf service to allow config of sysfs.

Default file that sets transparent huge pages to only be used on request
to fix #368

Database setting available for user configuration.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-08-12 14:13:40 +01:00