Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set net.ipv4 sysctl flags via server metapackage #55

Merged
merged 1 commit into from
Nov 5, 2024
Merged

Set net.ipv4 sysctl flags via server metapackage #55

merged 1 commit into from
Nov 5, 2024
+24 −0

Conversation

legoktm
Copy link
Member

@legoktm legoktm commented Nov 1, 2024
edited
Loading

Instead of setting these via ansible, let's ship them in this package so it's easier to tweak them in the future without needing future ansible runs.

A postinst snippet removes the values from /etc/sysctld.conf; it's okay if they're temporarily duplicated since they'll have the same values.

Refs freedomofpress/securedrop#7323.

@legoktm legoktm force-pushed the sysctl-ipv4 branch 2 times, most recently from feb6335 to 36151dd Compare November 1, 2024 21:20
@legoktm
Set net.ipv4 sysctl flags via server metapackage
ee519c8 
Instead of setting these via ansible, let's ship them in this package so
it's easier to tweak them in the future without needing future ansible
runs.

A postinst snippet removes the values from /etc/sysctld.conf; it's
okay if they're temporarily duplicated since they'll have the same
values.

Refs <freedomofpress/securedrop#7323>.
@legoktm legoktm mentioned this pull request Nov 1, 2024
Open
5 tasks
legoktm added a commit to freedomofpress/securedrop that referenced this pull request Nov 1, 2024
@legoktm
Drop setting vm.heap_stack_gap and net.ipv4 sysctl flags
3884e3f 
These are now set via the securedrop-grsec metapackage (see
<freedomofpress/kernel-builder#55>).

Refs #7323.
@legoktm legoktm mentioned this pull request Nov 1, 2024
Merged
2 tasks
zenmonkeykstop
zenmonkeykstop approved these changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed that set values are the same as those removed in freedomofpress/securedrop#7324

@zenmonkeykstop zenmonkeykstop merged commit 06b8b38 into main Nov 5, 2024
12 checks passed
legoktm added a commit to freedomofpress/securedrop that referenced this pull request Nov 6, 2024
@legoktm
Drop setting vm.heap_stack_gap and net.ipv4 sysctl flags
37f1827 
These are now set via the securedrop-grsec metapackage (see
<freedomofpress/kernel-builder#55>).

Tests are left in to verify the migration works properly.

Refs #7323.
@legoktm legoktm mentioned this pull request Nov 18, 2024
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

Assignees
No one assigned
Labels
None yet
Projects
SecureDrop dev cycle
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@legoktm @zenmonkeykstop