File sysctl.conf of Package swsnr-linux-base
# Don't let non-root users get addresses of kernel symbols kernel.kptr_restrict=1 # Disable kexec to disallow replacing the running kernel. kernel.kexec_load_disabled=1 # Limit ptracing. # # See https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html#ptrace-scope # for permitted values. 1 limits ptracing to "related" processes. # # 1password wants 1 here, see https://1password.community/discussion/comment/713046/#Comment_713046 kernel.yama.ptrace_scope=1 # IPv6 Privacy Extensions (RFC 4941) # --- # IPv6 typically uses a device's MAC address when choosing an IPv6 address # to use in autoconfiguration. Privacy extensions allow using a randomly # generated IPv6 address, which increases privacy. # # Acceptable values: # 0 - don’t use privacy extensions. # 1 - generate privacy addresses # 2 - prefer privacy addresses and use them over the normal addresses. net.ipv6.conf.all.use_tempaddr=2 net.ipv6.conf.default.use_tempaddr=2 # Enable BRR for congestion control net.ipv4.tcp_congestion_control = bbr # Enable explicit congestion notifications for incoming and outgoing connections net.ipv4.tcp_ecn = 1 # The magic SysRq key enables certain keyboard combinations to be # interpreted by the kernel to help with debugging. The kernel will respond # to these keys regardless of the current running applications. # # In general, the magic SysRq key is not needed for the average Ubuntu # system, and having it enabled by default can lead to security issues on # the console such as being able to dump memory or to kill arbitrary # processes including the running screen lock. # # Here is the list of possible values: # 0 - disable sysrq completely # 1 - enable all functions of sysrq # >1 - enable certain functions by adding up the following values: # 2 - enable control of console logging level # 4 - enable control of keyboard (SAK, unraw) # 8 - enable debugging dumps of processes etc. # 16 - enable sync command # 32 - enable remount read-only # 64 - enable signalling of processes (term, kill, oom-kill) # 128 - allow reboot/poweroff # 256 - allow nicing of all RT tasks # # For example, to enable both control of console logging level and # debugging dumps of processes: kernel.sysrq = 10 # # 128 + 32 + 16 kernel.sysrq=176 # Raise inotify resource limits fs.inotify.max_user_instances = 1024 fs.inotify.max_user_watches = 524288 # Disable NMI watchdog (powertop recommendation) kernel.nmi_watchdog=0 # Disable more watchdogs kernel.soft_watchdog=0 kernel.watchdog=0 # Disable splitlock thingything kernel.split_lock_mitigate=0 # Increase the number of virtual memory areas that one process may request, # see https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/5GU7ZUFI25T2IRXIQ62YYERQKIPE3U6E/ # and https://src.fedoraproject.org/rpms/systemd/blob/f39/f/10-map-count.conf vm.max_map_count=1048576 # Increase writeback time (default's 500, powertop recommendation) vm.dirty_writeback_centisecs=1500
