-
-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
instead of using the "sync" option when mounting USB data drives - which
slows down transfer speed considerably and also increases the wear level load - we ensure a good synced media via decreased vm.dirty_expire_centisecs and vm.dirty_writeback_centisecs to 5 seconds. Thus we use a global sysctl.conf now with reasonable values.
- Loading branch information
Showing
2 changed files
with
36 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc). (There is no CONFIG for the changing the initial value.) | ||
| kernel.kptr_restrict = 1 | ||
|
|
||
| # Avoid kernel memory address exposures via dmesg (this value can also be set by CONFIG_SECURITY_DMESG_RESTRICT). | ||
| kernel.dmesg_restrict = 1 | ||
|
|
||
| # Block non-uid-0 profiling (needs distro patch, otherwise this is the same as "= 2") | ||
| kernel.perf_event_paranoid = 3 | ||
|
|
||
| # Avoid non-ancestor ptrace access to running processes and their credentials. | ||
| kernel.yama.ptrace_scope = 1 | ||
|
|
||
| # Disable User Namespaces, as it opens up a large attack surface to unprivileged users. | ||
| user.max_user_namespaces = 0 | ||
|
|
||
| # increase netfilter conntrack maximum hash table size to 256K | ||
| net.netfilter.nf_conntrack_buckets = 65536 | ||
| net.netfilter.nf_conntrack_max = 262144 | ||
|
|
||
| # Since multicast is rather popular increate the default 20 memberships | ||
| net.ipv4.igmp_max_memberships = 1024 | ||
|
|
||
| # Increase maximum receive and send buffer size | ||
| net.core.rmem_max = 4194304 | ||
| net.core.wmem_max = 4194304 | ||
|
|
||
| # use fq_codel net scheduler | ||
| #net.core.default_qdisc = fq_codel | ||
|
|
||
| # reduce swappiness | ||
| vm.swappiness = 10 | ||
|
|
||
| # increase frequency of disk syncing (for more frequent USB data syncing) | ||
| vm.dirty_expire_centisecs = 500 | ||
| vm.dirty_writeback_centisecs = 500 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters