Netgate Discussion Forum

    Packages doing crazy things (sysctls, /boot/loader.conf mods)

      doktornotor Banned

      So we have packages

      1/ messing with /etc/sysctl.conf like:

      https://github.com/pfsense/pfsense-packages/blob/master/config/zabbix-agent-lts/zabbix-agent-lts.inc#L163
      https://github.com/pfsense/pfsense-packages/blob/master/config/zabbix-proxy-lts/zabbix-proxy-lts.inc#L113

      and even /boot/loader.conf:

      https://github.com/pfsense/pfsense-packages/blob/master/config/zabbix-agent-lts/zabbix-agent-lts.inc#L186
      https://github.com/pfsense/pfsense-packages/blob/master/config/zabbix-proxy-lts/zabbix-proxy-lts.inc#L136

      This is a completely retarded idea which lingers there even after package uninstall, because no one has bothered with cleaning up after themselves when reading the package.

      2/ Then we have packages that mess with sysctls only when running (starting), like:

      https://github.com/pfsense/pfsense-packages/blob/master/config/postfix/postfix.inc#L754
      https://github.com/pfsense/pfsense-packages/blob/master/config/dansguardian/dansguardian_rc.template
      https://github.com/pfsense/pfsense-packages/blob/master/config/openbgpd/openbgpd.inc#L283

      Doing it in rc script/on package start seems a lot better than #1.

      3/ Finally, there's the input validation approach, a.k.a. let users do the legwork if they need crazy shit:

      https://github.com/pfsense/pfsense-packages/blob/master/config/squid3/34/squid_reverse.inc#L342

      Personally, I'd say this one is the most safe way, disadvantage being that people will likely forget what they added when removing the package.

      What's the preferred way to do similar things?

      Bonus points: if someone can comment on the following crazy shit - WTH is this, why's that needed and is that even safe? Why's that in two different files in the first place?

      These values are being crammed into /etc/sysctl.conf:

      
      'kern.ipc.shmall' => '2097152',
      'kern.ipc.shmmax' => '2147483648',
      'kern.ipc.semmsl' => '250'
      
      

      These values are being crammed into /boot/loader.conf:

      
      'kern.ipc.semopm' => '100',
      'kern.ipc.semmni' => '128',
      'kern.ipc.semmns' => '32000',
      'kern.ipc.shmmni' => '4096'
      
      

      (copied from the zabbix stuff).

        jwt Netgate

        obviously(?) sysctl needs an API, so we can ensure it occurs correctly, and perhaps within some limit.

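One possible shape for the "sysctl API" raised in this thread, also covering the uninstall cleanup problem from the first post. This is an added example, not code from pfSense or from either poster. The function names, the `# BEGIN pkg:` / `# END pkg:` markers and the limits table are assumptions made for illustration, and it only handles `name=value` files in the style of /etc/sysctl.conf.

```shell
#!/bin/sh
# Added example: package tunables live in a marked block so that uninstall
# removes exactly what install wrote. Limits below are constructed, not pfSense's.

# Hypothetical policy: "name min max" per tunable a package may request.
TUNABLE_LIMITS='kern.ipc.shmall 1 4194304
kern.ipc.shmmax 1 4294967296
kern.ipc.semmsl 1 512'

# Succeed only if NAME is allowlisted and VALUE is an integer within its limits.
tunable_allowed() {        # usage: tunable_allowed NAME VALUE
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$TUNABLE_LIMITS" | awk -v n="$1" -v v="$2" '
        $1 == n { found = 1; ok = (v + 0 >= $2 + 0 && v + 0 <= $3 + 0) }
        END { exit !(found && ok) }'
}

# Delete PKG's block from FILE; a missing file or block is not an error.
pkg_tunables_remove() {    # usage: pkg_tunables_remove FILE PKG
    [ -f "$1" ] || return 0
    tmp="$1.tmp.$$"
    awk -v b="# BEGIN pkg:$2" -v e="# END pkg:$2" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Replace PKG's block in FILE with the given pairs; validate all before writing.
pkg_tunables_set() {       # usage: pkg_tunables_set FILE PKG name=value...
    file=$1 pkg=$2; shift 2
    [ $# -gt 0 ] || return 1
    for kv in "$@"; do
        tunable_allowed "${kv%%=*}" "${kv#*=}" || {
            echo "rejected: $kv" >&2; return 1; }
    done
    pkg_tunables_remove "$file" "$pkg" || return 1
    { echo "# BEGIN pkg:$pkg"; printf '%s\n' "$@"; echo "# END pkg:$pkg"; } >> "$file"
}
```

A package install hook would call `pkg_tunables_set` and its uninstall hook `pkg_tunables_remove`; because the set call replaces the package's own block, reinstalling does not accumulate duplicate lines.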