Accepting request 71353 from home:lnussel:branches:Base:System

- load sysctls earlier (bnc#664550)
- move distro defaults to /lib/sysctl.d to avoid .rpmnew files
- enable IPv6 privacy by default (bnc#678066)

I've sent the --system and --pattern patches upstream but they haven't been accepted
yet. So this is tentative, but we need the /lib/sysctl.d feature to be able to
provide distro defaults in a sane way.

OBS-URL: https://build.opensuse.org/request/show/71353
OBS-URL: https://build.opensuse.org/package/show/Base:System/procps?expand=0&rev=46
This commit is contained in:
Cristian Rodríguez 2011-05-28 20:50:18 +00:00 committed by Git OBS Bridge
parent eca0ad6315
commit a082bb1e4a
7 changed files with 335 additions and 40 deletions


@ -1,51 +1,36 @@
#! /bin/sh
#
# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany. All rights reserved.
# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany.
# Copyright (c) 2011 SUSE Linux Products GmbH Nuernberg, Germany.
#
# /etc/init.d/boot.sysctl
#
### BEGIN INIT INFO
# Provides: boot.sysctl
# Required-Start: boot.proc $local_fs
# Should-Start: setserial boot.isapnp
# Required-Stop: boot.proc $local_fs
# Required-Start: $null
# Should-Start: $null
# Required-Stop: $null
# Should-Stop: $null
# Default-Start: B
# Default-Stop:
# Description: run sysctl with a given config file or create it
# Short-Description: Apply sysctl settings
# Description: Apply sysctl settings
### END INIT INFO
test -x /sbin/sysctl || exit 0
. /etc/rc.status
. /etc/sysconfig/sysctl
rc_reset
case "$1" in
start)
# Load per-kernel defaults from /boot. This file is provided
# by the kernel package and will be replaced on update.
if test -e "/boot/sysctl.conf-$(uname -r)"; then
echo -n "Loading sysctl defaults from /boot/sysctl.conf-$(uname -r)"
sysctl -e -q -p /boot/sysctl.conf-$(uname -r)
rc_status -v -r
fi
#
# run sysctl if the config file exists
# otherwise generate it
# the values set here might be overridden by the settings
# in /etc/sysconfig/sysctl
#
if test ! -e /etc/sysctl.conf ; then
echo -n "Sysctl: no file /etc/sysctl.conf"
rc_failed 5
else
echo -n "Setting current sysctl status from /etc/sysctl.conf"
sysctl -e -q -p /etc/sysctl.conf
fi
echo -n "Applying sysctl settings"
/sbin/sysctl -e -q --system
rc_status -v -r
if [ -s /etc/sysconfig/sysctl -a -x /lib/aaa_base/convert_sysctl ]; then
echo -n " Warning: applying settings from obsolete /etc/sysconfig/sysctl"
/lib/aaa_base/convert_sysctl --stdout | sysctl -e -q -f -
rc_status -v -r
fi
;;
stop)
# skip / do nothing
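Review bot: The obsolete-config fallback `/lib/aaa_base/convert_sysctl --stdout | sysctl -e -q -f -` invokes `sysctl` through PATH, while the line above it uses `/sbin/sysctl` and the script's entry guard `test -x /sbin/sysctl` only proves that the absolute path exists; use the same spelling in both places, `/lib/aaa_base/convert_sysctl --stdout | /sbin/sysctl -e -q -f -`. The surrounding `[ -s /etc/sysconfig/sysctl -a -x /lib/aaa_base/convert_sysctl ]` uses the obsolescent `-a` form of test; `[ -s /etc/sysconfig/sysctl ] && [ -x /lib/aaa_base/convert_sysctl ]` is the portable form. The `case` statement continues past the end of this section.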


@ -0,0 +1,68 @@
From 45915cfc03fb82b68425445063a0bcebab1ff230 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 18 May 2011 08:16:39 +0200
Subject: [PATCH procps 1/3] add --system switch
instead of requiring distributions to construct a loop around sysctl
in boot scripts just scan a set of default directories if the --system
switch is used.
---
sysctl.c | 35 +++++++++++++++++++++++++++++++++++
1 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/sysctl.c b/sysctl.c
index 9be79ce..3445efe 100644
--- a/sysctl.c
+++ b/sysctl.c
@@ -453,6 +453,37 @@ static int Preload(const char *restrict const filename) {
return rc;
}
+static int PreloadSystem(void) {
+ unsigned i;
+ const char* dirs[] = {
+ "/lib/sysctl.d",
+ "/usr/lib/sysctl.d",
+ "/usr/local/lib/sysctl.d",
+ "/etc/sysctl.d",
+ };
+ for (i=0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) {
+ struct dirent* de;
+ DIR* dp = opendir(dirs[i]);
+ if (!dp)
+ continue;
+ while (( de = readdir(dp) )) {
+ char buf[PATH_MAX];
+ if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) {
+ continue;
+ }
+ if (strlen(de->d_name) < 6 || !strcmp(de->d_name+strlen(de->d_name)-6, ".conf"))
+ continue;
+ snprintf(buf, sizeof(buf), "%s/%s", dirs[i], de->d_name);
+ if (!Quiet)
+ printf("* Applying %s ...\n", buf);
+ Preload(buf);
+ }
+ closedir(dp);
+ }
+ if (!Quiet)
+ printf("* Applying %s ...\n", DEFAULT_PRELOAD);
+ return Preload(DEFAULT_PRELOAD);
+}
/*
@@ -488,6 +519,10 @@ int main(int argc, char *argv[]) {
fprintf(stdout, "sysctl (%s)\n",procps_version);
exit(0);
}
+ if (!strcmp("--system",*argv)) {
+ IgnoreError = true;
+ return PreloadSystem();
+ }
fprintf(stderr, ERR_UNKNOWN_PARAMETER, *argv);
return Usage(me);
}
--
1.7.3.4
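Review bot: The suffix filter in PreloadSystem never excludes anything: `.conf` is five characters, but the check compares the last six characters of `d_name` with `".conf"`, which can never compare equal, and the `!strcmp` sense is inverted besides, so every entry longer than five characters, including `*.rpmnew`, `*.rpmsave` and editor backup files, is handed to Preload, contrary to the `*.conf` globs the man page documents. Replace the check with `size_t len = strlen(de->d_name); if (len < 5 || strcmp(de->d_name + len - 5, ".conf") != 0) continue;`. readdir() also returns entries in filesystem order, so when two files in one directory set the same key the winner is not deterministic; collecting the names and sorting them (scandir() with alphasort()) would give the usual lexical override order. The return value of each per-file Preload call is discarded, so a drop-in file that fails to apply is only visible through Preload's own error output.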


@ -0,0 +1,146 @@
From b73ff507f616c74ac94e7b1bef2ce51fa9bb2806 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 18 May 2011 08:20:09 +0200
Subject: [PATCH procps 2/3] implement --pattern option
Useful for e.g network hook scripts together with --system to only apply
sysctls for a specific network interface.
---
sysctl.8 | 14 ++++++++++++++
sysctl.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+), 0 deletions(-)
diff --git a/sysctl.8 b/sysctl.8
index e26c4fb..9f6de65 100644
--- a/sysctl.8
+++ b/sysctl.8
@@ -64,6 +64,16 @@ Display all values currently available.
.TP
.B "-A"
Display all values currently available in table form.
+.TP
+.B "--system"
+Load settings from system configuration files (/lib/sysctl.d/*.conf,
+/usr/lib/sysctl.d/*.conf, /usr/local/lib/sysctl.d/*.conf,
+/etc/sysctl.d/*.conf, /etc/sysctl.conf)
+.TP
+.B "--pattern" PATTERN
+Ignore settings that don't patch PATTERN. A star '*' is recognized
+as wildcard. It matches strings until the next dot. '**' at the end
+of the pattern matches until the end of the string.
.SH EXAMPLES
.TP
/sbin/sysctl -a
@@ -73,6 +83,10 @@ Display all values currently available in table form.
/sbin/sysctl -w kernel.domainname="example.com"
.TP
/sbin/sysctl -p /etc/sysctl.conf
+.TP
+/sbin/sysctl --pattern 'net.ipv4.conf.*.forwarding' -a
+.TP
+/sbin/sysctl --pattern 'net.ipv6.**' --system
.SH FILES
.I /proc/sys
.I /etc/sysctl.conf
diff --git a/sysctl.c b/sysctl.c
index 3445efe..b68170b 100644
--- a/sysctl.c
+++ b/sysctl.c
@@ -50,6 +50,7 @@ static bool PrintName;
static bool PrintNewline;
static bool IgnoreError;
static bool Quiet;
+static char* pattern;
/* error messages */
static const char ERR_UNKNOWN_PARAMETER[] = "error: Unknown parameter \"%s\"\n";
@@ -63,6 +64,7 @@ static const char ERR_OPENING_DIR[] = "error: unable to open directory \"%s\"\n"
static const char ERR_PRELOAD_FILE[] = "error: unable to open preload file \"%s\"\n";
static const char WARN_BAD_LINE[] = "warning: %s(%d): invalid syntax, continuing...\n";
+static int pattern_match(const char* name);
static void slashdot(char *restrict p, char old, char new){
p = strpbrk(p,"/.");
@@ -145,6 +147,10 @@ static int ReadSetting(const char *restrict const name) {
outname = strdup(name);
slashdot(outname,'/','.'); /* change / to . */
+ if (pattern && !pattern_match(outname)){
+ goto out;
+ }
+
if (stat(tmpname, &ts) < 0) {
if (!IgnoreError) {
perror(tmpname);
@@ -391,7 +397,39 @@ out:
return rc;
}
+static int pattern_match(const char* name) {
+ const char* p = pattern;
+ if (!p || !name)
+ return 0;
+
+ while (*p && *name) {
+ if (*p == '*') {
+ ++p;
+ // collapse stars. if at end match rest of string
+ while (*p == '*') {
+ ++p;
+ if (!*p)
+ return 1;
+ }
+ while (*name) {
+ if (*name == '.') {
+ break;
+ }
+ ++name;
+ }
+ continue;
+ }
+ if (*p != *name)
+ return 0;
+ ++p;
+ ++name;
+ continue;
+ }
+ if (!*p && !*name)
+ return 1;
+ return 0;
+}
/*
* Preload the sysctl's from the conf file
@@ -435,6 +473,10 @@ static int Preload(const char *restrict const filename) {
StripLeadingAndTrailingSpaces(name);
+ if (pattern && !pattern_match(name)){
+ continue;
+ }
+
value = strtok(NULL, "\n\r");
if (!value || !*value) {
fprintf(stderr, WARN_BAD_LINE, filename, n);
@@ -523,6 +565,16 @@ int main(int argc, char *argv[]) {
IgnoreError = true;
return PreloadSystem();
}
+ if (!strcmp("--pattern",*argv)) {
+ ++argv;
+ if (*argv && **argv) {
+ pattern = strdup(*argv);
+ continue;
+ } else {
+ fprintf(stderr, "error: --pattern requires an argument\n");
+ return 1;
+ }
+ }
fprintf(stderr, ERR_UNKNOWN_PARAMETER, *argv);
return Usage(me);
}
--
1.7.3.4
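Review bot: pattern_match rejects a name that ends exactly where a trailing `*` begins, because the loop only runs while `*name` is non-empty: `a*` does not match `a`, and generally a star must consume at least one character, which the man page text does not say. If a star is meant to match an empty component too, skipping the remaining stars after the loop, `while (*p == '*') ++p;` placed before the final `if (!*p && !*name)`, fixes it; otherwise the man page should state the at-least-one-character rule. Two smaller points: `pattern = strdup(*argv)` in main is not checked for NULL, and in Preload the pattern appears to be matched against the raw key from the file before any `/`-to-`.` normalisation, whereas ReadSetting matches after slashdot(), so a conf line written as `net/ipv6/...` would presumably escape a `net.ipv6.**` filter — worth confirming against the rest of Preload, which is outside the hunk. The man page text `don't patch PATTERN` should read `don't match PATTERN`.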


@ -0,0 +1,46 @@
From 40c2bfe16c9a9e9562c686afa9d6b7f754a5c8d9 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Tue, 17 May 2011 16:35:18 +0200
Subject: [PATCH procps 3/3] read sysctls also from /boot/sysctl.conf-$kernelversion
---
sysctl.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/sysctl.c b/sysctl.c
index b68170b..6967ca8 100644
--- a/sysctl.c
+++ b/sysctl.c
@@ -27,6 +27,7 @@
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/utsname.h>
#include <dirent.h>
#include <string.h>
#include <errno.h>
@@ -497,12 +498,21 @@ static int Preload(const char *restrict const filename) {
static int PreloadSystem(void) {
unsigned i;
+ struct utsname uts;
const char* dirs[] = {
"/lib/sysctl.d",
"/usr/lib/sysctl.d",
"/usr/local/lib/sysctl.d",
"/etc/sysctl.d",
};
+ if (uname(&uts) == 0) {
+ char buf[PATH_MAX];
+ snprintf(buf, sizeof(buf), "/boot/sysctl.conf-%s", uts.release);
+ if (access(buf, R_OK) == 0) {
+ printf("* Applying %s ...\n", buf);
+ Preload(buf);
+ }
+ }
for (i=0; i < sizeof(dirs)/sizeof(dirs[0]); ++i) {
struct dirent* de;
DIR* dp = opendir(dirs[i]);
--
1.7.3.4
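Review bot: The new `printf("* Applying %s ...\n", buf);` for the /boot file is not guarded by `if (!Quiet)`, unlike the other progress lines in PreloadSystem, so `--system -q` still prints it; write it as `if (!Quiet) printf("* Applying %s ...\n", buf);`. The `access(buf, R_OK)` probe duplicates the open inside Preload and presumably exists only to avoid the ERR_PRELOAD_FILE message when the kernel package ships no such file; a one-line comment saying so, `/* optional: only present when the kernel package ships one */`, would stop a later reader from removing it. PreloadSystem's body continues below the end of the hunk.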


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue May 17 14:42:31 UTC 2011 - lnussel@suse.de
- load sysctls earlier (bnc#664550)
- move distro defaults to /lib/sysctl.d to avoid .rpmnew files
- enable IPv6 privacy by default (bnc#678066)
-------------------------------------------------------------------
Thu May 5 17:49:30 CEST 2011 - jeffm@suse.de


@ -73,6 +73,9 @@ Patch35: bug-634840.patch
Patch36: procps-3.2.8.dif
# bnc #649501, apparently the initialization is depending on linking order...
Patch37: procps-3.2.8-fix-unknown-HZ.dif
Patch38: procps-3.2.8-add-system-switch.diff
Patch39: procps-3.2.8-implement-pattern-option.diff
Patch40: procps-3.2.8-read-sysctls-also-from-boot-sysctl.conf-kernelversion.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -138,6 +141,9 @@ Authors:
%patch35 -p1
%patch36
%patch37 -p1
%patch38 -p1
%patch39 -p1
%patch40 -p1
%build
make %{?_smp_mflags} CFLAGS="-Wall -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $RPM_OPT_FLAGS -pipe" \
@ -150,10 +156,12 @@ make DESTDIR=$RPM_BUILD_ROOT install
install -d $RPM_BUILD_ROOT/etc/init.d $RPM_BUILD_ROOT/etc/xinetd.d
install -m 755 %SOURCE1 $RPM_BUILD_ROOT/etc/init.d
install -m 644 %SOURCE2 $RPM_BUILD_ROOT/etc/xinetd.d/systat
install -d $RPM_BUILD_ROOT/lib/sysctl.d $RPM_BUILD_ROOT/etc/sysctl.d
install -m 644 %SOURCE3 $RPM_BUILD_ROOT/lib/sysctl.d/sysctl.conf
case "$RPM_ARCH" in
s390*) install -m 644 %SOURCE4 $RPM_BUILD_ROOT/etc/sysctl.conf ;;
*) install -m 644 %SOURCE3 $RPM_BUILD_ROOT/etc/sysctl.conf ;;
s390*) install -m 644 %SOURCE4 $RPM_BUILD_ROOT/lib/sysctl.d/sysctl-s390.conf ;;
esac
# clean unwanted files (coreutils)
rm -f $RPM_BUILD_ROOT/bin/kill
rm -f $RPM_BUILD_ROOT/usr/bin/uptime
@ -168,6 +176,8 @@ rm -rf $RPM_BUILD_ROOT
%post
%{fillup_and_insserv -ny boot.sysctl boot.sysctl}
#
test -e /etc/sysctl.conf || > /etc/sysctl.conf
%postun
%insserv_cleanup
@ -176,7 +186,7 @@ rm -rf $RPM_BUILD_ROOT
%defattr (-,root,root,755)
%doc NEWS README COPYING
%config /etc/init.d/boot.sysctl
%config(noreplace) /etc/sysctl.conf
%config(noreplace) %ghost %attr(0644,root,root) /etc/sysctl.conf
%config(noreplace) /etc/xinetd.d/systat
/bin/ps
/bin/pgrep
@ -195,6 +205,9 @@ rm -rf $RPM_BUILD_ROOT
/usr/bin/vmstat
/usr/bin/w
/usr/bin/watch
%dir /etc/sysctl.d
%dir /lib/sysctl.d
/lib/sysctl.d/*.conf
%_mandir/man1/free.1.gz
%_mandir/man1/pgrep.1.gz
%_mandir/man1/pkill.1.gz
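Review bot: On s390 the arch-specific file is now installed as `/lib/sysctl.d/sysctl-s390.conf` alongside the generic `sysctl.conf` instead of replacing it, so any key that both files set is decided by the order in which the `--system` loader walks that directory; the loader in the bundled patch uses readdir() order, which is not sorted, so the outcome is not deterministic. If the s390 file is a full variant of the defaults, install only one of the two into /lib/sysctl.d as before; if it only overrides a few keys, document the intended precedence in a comment above the `case`. The `%ghost` `/etc/sysctl.conf` is created in %post with a bare redirection, so its mode comes from the install-time umask rather than the `%attr(0644,root,root)` shown in %files, which rpm records for ghost entries but does not apply; `test -e /etc/sysctl.conf || install -m 644 /dev/null /etc/sysctl.conf` makes the mode explicit.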


@ -1,14 +1,44 @@
# Disable response to broadcasts.
# You don't want yourself becoming a Smurf amplifier.
#
# Distribution defaults.
# Use /etc/sysctl.conf to override.
#
# Disable response to broadcast pings to avoid smurf attacks.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
# disable IPv6 completely
#net.ipv6.conf.all.disable_ipv6 = 1
# enable IPv6 forwarding
#net.ipv6.conf.all.forwarding = 1
# increase the number of possible inotify(7) watches
fs.inotify.max_user_watches = 65536
# avoid deleting secondary IPs on deleting the primary IP
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
# disable IPv6 completely
#net.ipv6.conf.all.disable_ipv6 = 1
# enable IPv6 forwarding
#net.ipv6.conf.all.forwarding = 1
# enable IPv6 privacy (bnc#678066)
net.ipv6.conf.default.use_tempaddr = 2
# increase the number of possible inotify(7) watches
fs.inotify.max_user_watches = 65536
# Magic SysRq Keys enable some control over the system even if it
# crashes (e.g. during kernel debugging).
#
# 0 - disable sysrq completely
# 1 - enable all functions of sysrq
# >1 - bitmask of allowed sysrq functions:
# 2 - enable control of console logging level
# 4 - enable control of keyboard (SAK, unraw)
# 8 - enable debugging dumps of processes etc.
# 16 - enable sync command
# 32 - enable remount read-only
# 64 - enable signalling of processes (term, kill, oom-kill)
# 128 - allow reboot/poweroff
# 256 - allow nicing of all RT tasks
#
# For further information see /usr/src/linux/Documentation/sysrq.txt
# default 176 = 128+32+16
kernel.sysrq = 176
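Review bot: The new `net.ipv6.conf.default.use_tempaddr = 2` line carries only a bug reference, although the value matters: 1 enables privacy extensions but keeps preferring the public address, 2 also prefers the temporary address for outgoing connections; a comment such as `# enable IPv6 privacy extensions (RFC 4941) and prefer temporary addresses for outgoing connections (bnc#678066)` would record that choice. It is also worth noting in the file that a `default.` setting only reaches interfaces created after it is applied, so interfaces brought up before boot.sysctl runs keep the kernel default, which is presumably part of why the sysctls are now loaded earlier.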