mrrl-system-config

system configuration on top of MRRL
git clone https://ccx.te2000.cz/git/mrrl-system-config
Log | Files | Refs
commit 2a0cda6e4298cd266658bc45927c9707e6e50faf
parent f41e8fb1dda464b6f5bf4c1f77c3fadd8593717a
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Wed, 19 Mar 2025 21:26:07 +0000

Set sysctl (disable userns)

Diffstat:

Aconfig/sysctl.conf | 2++


Ms6-rc.aat | 18++++++++++++------


2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/config/sysctl.conf b/config/sysctl.conf
@@ -0,0 +1,2 @@
+# disable userns
+user.max_user_namespaces = 0
diff --git a/s6-rc.aat b/s6-rc.aat
@@ -54,7 +54,7 @@
 @endfor
 |}
 
-|start_longrun_with_logger("dhcpcd", "modules ok-mount ok-sysinit")
+|start_longrun_with_logger("dhcpcd", "sysctl modules ok-mount ok-sysinit")
 |enabled_bundle("net-all")
 |run_arg("dhcpcd --nobackground --nohook 20-resolv.conf")
 |end()
@@ -133,18 +133,24 @@
 @endfor
 |end()
 
+|start_oneshot("sysctl", "modules")
+|in_bundle("ok-all-but-tty")
+|up()
+	{{qexec("sysctl")}} -p {{qconfig("sysctl.conf}}
+|end()
+
 |start_oneshot("cgroups", "mount-run-cgroup")
 |in_bundle("ok-sysinit")
 |up()
 	cgconfigparser -l {{qconfig("cgconfig.conf")}}
 |end()
 
-|start_oneshot("mdevd-coldplug", "mount-dev mount-sys modules mdevd")
+|start_oneshot("mdevd-coldplug", "mount-dev mount-sys sysctl modules mdevd")
 |up()
 	{{qenv("mdevd")}} mdevd-coldplug
 |end()
 
-|start_oneshot("udev-coldplug", "mount-dev mount-sys modules udev")
+|start_oneshot("udev-coldplug", "mount-dev mount-sys sysctl modules udev")
 |up()
 	udevadm settle
 |end()
@@ -201,7 +207,7 @@
 	{{qexec("foreground")}} { {{qexec("umount")}} /tmp/.X11-unix }
 |end()
 
-|start_oneshot("openrc", "ok-sysinit ok-mount modules")
+|start_oneshot("openrc", "ok-sysinit ok-mount sysctl modules")
 |up()
 	export TERM "linux"
 	foreground { /sbin/openrc boot }
@@ -234,7 +240,7 @@
 |#/swap/up	cN	swapon -a	m644
 |#/swap/down	cN	swapoff -a	m644
 
-|start_oneshot("alsa-devices", "modules dev-coldplug")
+|start_oneshot("alsa-devices", "sysctl modules dev-coldplug")
 |up()
 	sh -c "
 	retry=true
@@ -341,7 +347,7 @@
 	--config=/etc/rsyncd.conf
 |end()
 
-|start_longrun_with_logger("wpa_supplicant", "modules\nok-sysinit")
+|start_longrun_with_logger("wpa_supplicant", "sysctl modules ok-sysinit")
 |#enabled_bundle("net-all")
 |run_el()
 	/usr/sbin/wpa_supplicant