I am using OpenBSD 7.7. So I know that procfs is not mounted on /proc, and I need to use sysctl to fetch process maps. But this fails as I am not running as a root user. The secure level is set to 1 so that is why I can't use sysctl without root. But even procmap is not permitted as a root user. Is there any way I can fetch the process maps without root?

I'm setting up a Linux box through AWS and I'm exploring sysctl. When I run ip route I can see that there are already routes on the machine refering to 169.X.X.X addresses. **Questions**: 1. What does systctl -w net.ipv4.route.flush=1 do? 2. Could systctl -w net.ipv4.route.flush=1 mess up the default box/configuration needed in order for the AWS Linux instance to work as intended?

My setup involves receiving IPv6 routes via Router Advertisements (RA). - A global on-link prefix route (e.g. 2405:200:185:2666::/64 dev eth0 proto ra metric 110) I know you can use net.ipv6.conf.eth0.ra_defrtr_metric to lower the metric of the default route. However, I would like to modify the metric of the global prefix route added via RA, not the default route, but the proto ra route for the global /64 prefix. This route always appears with proto ra metric 110, and I haven’t found a sysctl or documented method to influence that value. Is there a way in kernel 6.1 or newer to set or override the metric of non-default RA-learned routes (prefix routes)? Thanks for the help!

I'm currently running RHEL7. I haven't been able to find a definitive explanation of how to disable core dump files. I can limit to number of core files that are produced, but I don't know how to disable them entirely. I limited the number of core files that get generated by adding kernel.core_uses_pid = 0 kernel.core_pattern = core to /etc/sysctl.conf and running sudo sysctl -p This limits core file generation to a single file that gets rewritten each time there's a core dump. But I'd like to stop this file from being generated altogether. Thanks! EDIT: I also tried this: Add the line Storage:none to /etc/systemd/coredump.conf This didn't change anything, core files still get produced.

Between Debian 5 and 6, the default suggested value for kernel.printk in /etc/sysctl.conf was changed from kernel.printk = 4 4 1 7 to kernel.printk = 3 4 1 3. I understand that the first value corresponds to what is going to the console. What are the next 3 values for? Do the numerical values have the same meaning as the syslog log levels? Or do they have different definitions? Am I missing some documentation in my searching, or is the only location to figure this out the kernel source.

On my Linux Yocto-base distribution I don't find any sysctl.conf file. The proof of this is the execution of the command:

> find / -name "sysctl.conf"

which has an output empty. On my Yocto build system (I'm using the release zeus) I can find: 1. the file sysctl.conf in the path: meta/recipes-extended/procps/procps/ 2. the recipe procps_3.3.16.bb in the path meta/recipes-extended/procps/ The content of the recipe procps_3.3.16.bb is the following:

SUMMARY = "System and process monitoring utilities"
DESCRIPTION = "Procps contains a set of system utilities that provide system information about processes using \
the /proc filesystem. The package includes the programs ps, top, vmstat, w, kill, and skill."
HOMEPAGE = "https://gitlab.com/procps-ng/procps "
SECTION = "base"
LICENSE = "GPLv2+ & LGPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                    file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \
                    "

DEPENDS = "ncurses"

inherit autotools gettext pkgconfig update-alternatives

SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https \
           file://sysctl.conf \
           "
SRCREV = "59c88e18f29000ceaf7e5f98181b07be443cf12f"

S = "${WORKDIR}/git"

# Upstream has a custom autogen.sh which invokes po/update-potfiles as they
# don't ship a po/POTFILES.in (which is silly).  Without that file gettext
# doesn't believe po/ is a gettext directory and won't generate po/Makefile.
do_configure_prepend() {
    ( cd ${S} && po/update-potfiles )
}

EXTRA_OECONF = "--enable-skill --disable-modern-top"

PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd"

do_install_append () {
	install -d ${D}${base_bindir}
	[ "${bindir}" != "${base_bindir}" ] && for i in ${base_bindir_progs}; do mv ${D}${bindir}/$i ${D}${base_bindir}/$i; done
	install -d ${D}${base_sbindir}
	[ "${sbindir}" != "${base_sbindir}" ] && for i in ${base_sbindir_progs}; do mv ${D}${sbindir}/$i ${D}${base_sbindir}/$i; done
        if [ "${base_sbindir}" != "${sbindir}" ]; then
                rmdir ${D}${sbindir}
        fi

        install -d ${D}${sysconfdir}
        install -m 0644 ${WORKDIR}/sysctl.conf ${D}${sysconfdir}/sysctl.conf
        if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
                install -d ${D}${sysconfdir}/sysctl.d
                ln -sf ../sysctl.conf ${D}${sysconfdir}/sysctl.d/99-sysctl.conf
        fi
}

CONFFILES_${PN} = "${sysconfdir}/sysctl.conf"

bindir_progs = "free pkill pmap pgrep pwdx skill snice top uptime w"
base_bindir_progs += "kill pidof ps watch"
base_sbindir_progs += "sysctl"

ALTERNATIVE_PRIORITY = "200"
ALTERNATIVE_PRIORITY[pidof] = "150"

ALTERNATIVE_${PN} = "${bindir_progs} ${base_bindir_progs} ${base_sbindir_progs}"

ALTERNATIVE_${PN}-doc = "kill.1 uptime.1"
ALTERNATIVE_LINK_NAME[kill.1] = "${mandir}/man1/kill.1"
ALTERNATIVE_LINK_NAME[uptime.1] = "${mandir}/man1/uptime.1"

python __anonymous() {
    for prog in d.getVar('base_bindir_progs').split():
        d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_bindir'), prog))

    for prog in d.getVar('base_sbindir_progs').split():
        d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
}

# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 
CVE_CHECK_WHITELIST += "CVE-2018-1121"

With the previous recipe procps_3.3.16.bb I think that the file sysctl.conf should be installed in /etc/; I'm thinking this because in the function do_install_append() declared in the previous recipe is present the command:

install -m 0644 ${WORKDIR}/sysctl.conf ${D}${sysconfdir}/sysctl.conf

which seems to install the file sysctl.conf in the path /etc of the filesystem of the image created by bitbake. Furthermore the output of the execution of the command bitbake procps, is saved in the build folder of procps and in this output, the file /etc/sysctl.conf in both the sub-folders image and package. So seems that the file is correctly prepared for the deployment to the final image, but the deployment is not executed. ### On my system is used systemd-sysctl ### At [this link](https://man7.org/linux/man-pages/man5/sysctl.conf.5.html) I have found the following sentence: > This man page describes the configuration files for procps sysctl. If you are using systemd-sysctl(8), refer to sysctl.d(5) and note that it won't use the file /etc/sysctl.conf. This mean that the /etc/sysctl.conf is not used on my system. ### Links about the same topic ### 1. Very useful [this link](https://stackoverflow.com/questions/57071108/add-new-kernel-parameter-to-custom-linux-image-generated-by-yocto) which speaks about the same argument, but in the case that the file sysctl.conf is deployed and so it is present in the filesystem of the Yocto distribution. 2. My exactly problem is found in [this other link](https://lists.yoctoproject.org/g/meta-xilinx/topic/sysctl_conf_not_being/76646124) , but I have tried to follow all the suggestions proposed in it without success. 3. [This other link](https://unix.stackexchange.com/questions/791401/the-yocto-recipe-procps-doesnt-deploy-into-the-linux-built-image-all-the-applic) is yet about the recipe pocps_3.3.16.bb. ### Question ### With the configuration explained above, why the file sysctl.conf is not deployed to the folder /etc/ into the filesystem of the yocto image?

Currently i'm setting up a new Debian 11 Bullseye machine to act as a Wireguard gateway. Everything as usual, and simple. Unfortunately i am having a heavy issue regarding the IPV4 packet forwarding. It's a well known fact, that i have to uncomment #net.ipv4.ip_forward in the /etc/sysctl.conf file, to enable packet forwarding. Unfortunately,even when it's uncommented, the setting is not being applied automatically after reboot. I have to manually process the sysctl file using "sysctl -p" every time after reboot. What's wrong here? There is also no further sysctl.conf in sysctl.conf.d which may override this setting. I have also tried on a fresh Debian 11 system, with the same issue. root@wireguard:~# /sbin/sysctl --system * Applying /etc/sysctl.d/1-sysctl.conf ... net.ipv4.ip_forward = 1 net.ipv6.conf.all.forwarding = 1 * Applying /usr/lib/sysctl.d/50-pid-max.conf ... kernel.pid_max = 4194304 * Applying /usr/lib/sysctl.d/protect-links.conf ... fs.protected_fifos = 1 fs.protected_hardlinks = 1 fs.protected_regular = 2 fs.protected_symlinks = 1 * Applying /etc/sysctl.conf ... net.ipv4.ip_forward = 1 net.ipv6.conf.all.forwarding = 1 After reboot: root@wireguard:~# cat /proc/sys/net/ipv4/ip_forward 0 root@wireguard:~# cat /proc/sys/net/ipv6/conf/all/forwarding 1 I hope someone can help me, it looks like, it's being partially applied only, i don't know if it has something to do with the IPv6 setting. Everything apart from the sysctl.conf and the Wireguard install is set to default.

I am neither concerned about RAM usage (as I've got enough) nor about losing data in case of an accidental shut-down (as my power is backed, the system is reliable and the data are not critical). But I do a lot of file processing and could use some performance boost. That's why I'd like to set the system up to use more RAM for file system read and write caching, to prefetch files aggressively (e.g. read-ahead the whole file accessed by an application in case the file is of sane size or at least read-ahead a big chunk of it otherwise) and to flush writing buffers less frequently. How to achieve this (may it be possible)? I use ext3 and ntfs (I use ntfs a lot!) file systems with XUbuntu 11.10 x86.

Ubuntu 22.04 I'm new to Linux and try to configure IPv6 network. So I set

-sh
sudo sysctl net.ipv6.conf.eth0.accept_ra=2

The problem is it gets immediately overwritten back to the value 0. Why is that happening? Is there a way to fix that?

As I assigned static IP using ip -6 addr add dev eth0.4 My system is connected with other system by eth cable in same network by ethernet adapter configuration Now I am pinging my other pc,I observed Pc is using assing ipv6 address as a source for address resolution For neighbour reachability it's using link local address as a source I want like for neighbour reachability it should use assing ipv6 address.

I have a device that has Debian 11 installed, on which Docker is running.  On boot, it starts the Docker Daemon and the nine containers.  Eight of them are executing a C# program and the last one is a Postgres one. If I add vm.overcommit_memory = 2 to /etc/sysctl.conf and reboot the device, only the Postgres container starts. After, I did these steps: - docker-compose down - Set vm.overcommit_memory = 2 - reboot - docker-compose up -d Now, the first container, the Postgres one, fails to start with this error: >ERROR: for StargatePostgres Cannot start service postgres: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 2, stdout: , stderr: fatal error: out of memory allocating heap arena map There is enough memory, that's for sure:

free -m
               total        used        free      shared  buff/cache   available
Mem:            3603         534        2557          20         511        2910

[Please, I don't want to know why I *shouldn't* edit it; I want to know why I *can't* edit it] # pwd /var/spool/cron/crontabs # ll sysadmin -rw------- 1 sysadmin crontab 210 Jun 17 16:05 sysadmin # getcap sysadmin # lsattr sysadmin --------------e------- sysadmin # filecap /var/spool/cron/crontabs/sysadmin Unable to get capabilities of /var/spool/cron/crontabs/sysadmin: No data available This is Ubuntu 22.04, ext4, LVM. I can delete the file, but I can't write to it. **EDIT** crontab -e successfully changes the file, as expected. However, editing the file with a text editor (in my case, emacs, while running as root) simply gives an error message ("Opening output file: Permission denied, /var/spool/cron/crontabs/sysadmin"). **EDIT 2** This question isn't about emacs, or any other editor - it appears that crontab -e has some magic which I can't duplicate as a root user, and that the magic is unrelated to file capabilities. If I try echoing to the file as suggested in a comment: root@vserver:/var/spool/cron/crontabs# echo "foo" >> sysadmin bash: sysadmin: Permission denied So what is it that's denying me permission?

Although I have disabled IPv6 in sysctl.conf (Debian 11), connecting my main switch to an IPv6 enabled router results in IPv6 addresses being allocated on Debian interfaces and I can ping and SSH to them from external IP addresses. The original problem is discussed in https://unix.stackexchange.com/questions/776581/why-are-ipv6-address-being-assigned-although-ipv6-has-been-disabled . Normal internet connection is via a box which connects to the router via wireless and is also connected to the main switch. It is the gateway for all the systems and runs the VPN. The router normally has no direct connection to the main network switch. The problem comes when I connect the router directly to the main switch so the box acting as the gateway can get a higher performance over the wired connection compared to the wireless. Because IPv6 is disabled in /etc/sysctl.conf I don't expect IPv6 to be enabled at all, but it seems Debian has different ideas and whether via DHCPv6 or some other mechanism all the systems are allocated IPv6 addresses. This results in internet connectivity going directly through it the router and bypassing the IPv4 based VPN, resulting in a lot of Cloudflare checks and some websites not working properly until I disconnect the cable connecting directly from the switch to the router and restart networking on the systems or reboot them altogether. Checking whatsmyip.net displays my local IPv6 address and this is something I definitely don't want. I suspect it may be possible to configure something on the router to disable the IPv6 though, but I'd rather leave that alone and disable it in the Debian configurations. Are there other network services or some kernel features that bypass /etc/sysctl.conf and enable IPv6 to come up, either by DHCP or some other mechanism between Debian and the router? PS. The systems involved are all Debian 10 and 11.

I tried to turn off the tcp timestamp but it didn't work. The step i performed are the following: $ sysctl -w net.ipv4.tcp_timestamps=0 $ sysctl -p $ sysctl net.ipv4.tcp_timestamps (=> to be sure that it has been set to 0) $ hping3 www.google.com -S -c 1 -p 443 --tcp-timestamp and i obtained: TCP timestamp: tcpts=2513557362 I also tried to sniff the traffic through wireshark and i saw that every tcp packet contains the value in the timestamps field. I'm using Linux Debian 4.9.13. What I'm doing wrong?

It is well known that OpenBSD disables hyper-threading by default . However, htop shows 16 CPUs: 8 online and 8 offline, which takes extra space on the screen and is not very informative. Moreover, sysctl also sees 16 logical CPUs. This doesn't make sense to me: with hyperthreading disabled, it's an 8-core 8-thread processor, so I should see 8 physical/logical CPUs.

$ sysctl hw
hw.machine=amd64
hw.model=AMD Ryzen 7 5800H with Radeon Graphics
hw.ncpu=16
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:6d1abdce154d2fc8
hw.diskcount=1
hw.sensors.cpu0.frequency0=3900000000.00 Hz
hw.sensors.cpu2.frequency0=3900000000.00 Hz
hw.sensors.cpu4.frequency0=3900000000.00 Hz
hw.sensors.cpu6.frequency0=3900000000.00 Hz
hw.sensors.cpu8.frequency0=3900000000.00 Hz
hw.sensors.cpu10.frequency0=3900000000.00 Hz
hw.sensors.cpu12.frequency0=3900000000.00 Hz
hw.sensors.cpu14.frequency0=3900000000.00 Hz
hw.sensors.ksmn0.temp0=83.12 degC (Tctl)
hw.sensors.it0.temp0=83.00 degC
hw.sensors.it0.temp1=49.00 degC
hw.sensors.it0.temp2=200.00 degC
hw.sensors.it0.fan0=0 RPM
hw.sensors.it0.fan1=3835 RPM
hw.sensors.it0.fan2=2986 RPM
hw.sensors.it0.volt0=1.74 VDC (VCORE_A)
hw.sensors.it0.volt1=1.62 VDC (VCORE_B)
hw.sensors.it0.volt2=2.67 VDC (+3.3V)
hw.sensors.it0.volt3=3.71 VDC (+5V)
hw.sensors.it0.volt4=10.69 VDC (+12V)
hw.sensors.it0.volt5=-3.24 VDC (-12V)
hw.sensors.it0.volt6=0.57 VDC (-5V)
hw.sensors.it0.volt7=3.68 VDC (+5VSB)
hw.sensors.it0.volt8=2.16 VDC (VBAT)
hw.cpuspeed=3200
hw.setperf=100
hw.vendor=AZW
hw.product=SER
hw.version=Default string
hw.serialno=A58003LH80340
hw.uuid=00020003-0004-0005-0006-000700080009
hw.physmem=13840232448
hw.usermem=13840216064
hw.ncpufound=16
hw.allowpowerdown=1
hw.perfpolicy=manual
hw.smt=0
hw.ncpuonline=8
hw.power=1
hw.ucomnames=

How do I disable logical processors, so that each "CPU" is a physical processor?

I'm using EC2 instance t4g.micro which is arm64, with 1gb ram of the latest ubuntu. I'm using nginx with PHP-FPM for upload and convert pictures using latest image.intervention with GD. My PHP_FPM configuration:

pm = static
pm.max_children = 1
pm.max_requests = 300

And php.ini:

max_execution_time = 5
memory_limit = 100M
opcache.enable = 1
opcache.jit_buffer_size = 50M
opcache.jit = 1255

And yet I keep on getting those messages from time to time on my syslog:

Out of memory: Killed process 510 (php-fpm8.3) total-vm:490452kB, anon-rss:273404kB, file-rss:2944kB, shmem-rss:3840kB, UID:1001 pgtables:708kB oom_score_adj:0
Out of memory: Killed process 510 (php-fpm8.3) total-vm:499780kB, anon-rss:282508kB, file-rss:2944kB, shmem-rss:3968kB, UID:1001 pgtables:720kB oom_score_adj:0
Out of memory: Killed process 20481 (php-fpm8.3) total-vm:495800kB, anon-rss:272472kB, file-rss:2944kB, shmem-rss:3456kB, UID:1001 pgtables:708kB oom_score_adj:0
Out of memory: Killed process 24725 (php-fpm8.3) total-vm:465556kB, anon-rss:247920kB, file-rss:2944kB, shmem-rss:1664kB, UID:1001 pgtables:648kB oom_score_adj:0
Out of memory: Killed process 24732 (php-fpm8.3) total-vm:458888kB, anon-rss:240892kB, file-rss:2816kB, shmem-rss:3456kB, UID:1001 pgtables:624kB oom_score_adj:0
Out of memory: Killed process 24739 (php-fpm8.3) total-vm:458280kB, anon-rss:240372kB, file-rss:2816kB, shmem-rss:3456kB, UID:1001 pgtables:628kB oom_score_adj:0

Sometimes it cause my instance to not respond at all ,not even to SSH, and the CPU reach to 60% precent on AWS monitor and stay there till I manually click on restart instance several times which might cause hard restart. My php script is simple, takes post image file, convert it and save, using image.intervention functions only, no error are thrown. The OOM killed might happened once a week.. I tried tuning my configuration to the lowest possible, decreasing pm.max_requests is not a solution for me. All I want is to avoid OOM intervention, control php to kill request that absorb to much memory before it crushes PHP-FPM. I already modified PHP-FPM service to restart itself on failure, but sometimes it crushes the whole ubuntu system with high CPU and makes it not responding to anything which is what I must avoid in the first place. Could it be a leak on php arm specific instance that x86 might avoid? How can I stable my instance?

I run a linux container on oraclelinux 9 linux host (the host itself runs in a VM). From where does docker read the sysctl params? I try change the default value of a sysctl value which docker uses. For that I executed the following steps on the host - sysctl -w net.ip4.udp_rmem_min=64000000 - sysctl -a | grep ip4.udp_rmem_min -> 64000000 - systemctl restart docker (just to be save) - docker run --rm -it oraclelinux:9 in container - sysctl -a | grep ip4.udp_rmem_min -> 4096 Why is it 4096 and not 64000000? cat /proc/sys/net/ipv4/udp_rmem_min on the host does return 64000000 I also copied a file containing the parameters to /etc/sysctl.d/ and rebooted the machine, same result. Interestingly when I do the same on a Ubuntu 22 machine (bare metal), it works. So from where does docker read the sysctl values in oraclelinux 9/rhel? I assumed it just uses the one from the host or do I have some other issues? I know I could use --sysctl with docker run, but I can't use it like that because I use docker indirectly through kind which doesn't seem to provide any possibility to define --sysctl

Since recently Debian has changed the default behavior for dmesg and I cannot use it simply from my local user. % dmesg dmesg: read kernel buffer failed: Operation not permitted Same goes for: % cat /dev/kmsg cat: /dev/kmsg: Operation not permitted Starring at the bug tracker this lead to: * dmesg: read kernel buffer failed: Operation not permitted How do I change this behavior back to the previous one, where local user are allowed to use dmesg. I could not find a particular group for it (eg. sudoers or something like that).

I have wireguard installed on a Manjaro host, and Debian Server host The following commands show **wireguard** in the results on Manjaro, but nothing on the Debian server, yet the **wireguard** is definitely running on the debian server. systemctl --type=service systemctl --type=service --all systemctl list-unit-files Why does debian server not show any footprint of **wireguard**? and possibly other *services* that I am unable to also see? **EDIT :** systemctl list-unit-files **wg-quick.target** shows up in debian server but nothing still for systemctl -at service

I tried the following: sysctl -w net.ipv6.conf.Ethernet1.200.disable_ipv6=0, but it gave following error:

sysctl: cannot stat /proc/sys/net/ipv6/conf/Ethernet1/200/disable_ipv6: No such file or directory

It should have ideally tried to change in /proc/sys/net/ipv6/conf/Ethernet1.200/disable_ipv6 which it is not I have used echo 0 > /proc/sys/net/ipv6/conf/Ethernet1.200/disable_ipv6, but I need some Linux command that does the same.