From ce31ec116f9bf4ad45952b6a200f4181fac311a3 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <lukeshu@sbcglobal.net>
Date: Tue, 13 Sep 2016 21:24:07 -0400
Subject: ./tools/notsd-move

---
 src/grp-initprogs/systemd-sysctl/50-default.sysctl |  40 +++
 src/grp-initprogs/systemd-sysctl/Makefile          |  33 +++
 src/grp-initprogs/systemd-sysctl/sysctl.c          | 287 +++++++++++++++++++++
 src/grp-initprogs/systemd-sysctl/sysctl.d.xml      | 184 +++++++++++++
 .../systemd-sysctl/systemd-sysctl.service.in       |  21 ++
 .../systemd-sysctl/systemd-sysctl.service.xml      | 152 +++++++++++
 6 files changed, 717 insertions(+)
 create mode 100644 src/grp-initprogs/systemd-sysctl/50-default.sysctl
 create mode 100644 src/grp-initprogs/systemd-sysctl/Makefile
 create mode 100644 src/grp-initprogs/systemd-sysctl/sysctl.c
 create mode 100644 src/grp-initprogs/systemd-sysctl/sysctl.d.xml
 create mode 100644 src/grp-initprogs/systemd-sysctl/systemd-sysctl.service.in
 create mode 100644 src/grp-initprogs/systemd-sysctl/systemd-sysctl.service.xml

(limited to 'src/grp-initprogs/systemd-sysctl')

diff --git a/src/grp-initprogs/systemd-sysctl/50-default.sysctl b/src/grp-initprogs/systemd-sysctl/50-default.sysctl
new file mode 100644
index 0000000000..f08f32e849
--- /dev/null
+++ b/src/grp-initprogs/systemd-sysctl/50-default.sysctl
@@ -0,0 +1,40 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See sysctl.d(5) and core(5) for documentation.
+
+# To override settings in this file, create a local file in /etc
+# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
+# there.
+
+# System Request functionality of the kernel (SYNC)
+#
+# Use kernel.sysrq = 1 to allow all keys.
+# See http://fedoraproject.org/wiki/QA/Sysrq for a list of values and keys.
+kernel.sysrq = 16
+
+# Append the PID to the core filename
+kernel.core_uses_pid = 1
+
+# Source route verification
+net.ipv4.conf.default.rp_filter = 1
+net.ipv4.conf.all.rp_filter = 1
+
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv4.conf.all.accept_source_route = 0
+
+# Promote secondary addresses when the primary address is removed
+net.ipv4.conf.default.promote_secondaries = 1
+net.ipv4.conf.all.promote_secondaries = 1
+
+# Fair Queue CoDel packet scheduler to fight bufferbloat
+net.core.default_qdisc = fq_codel
+
+# Enable hard and soft link protection
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1
diff --git a/src/grp-initprogs/systemd-sysctl/Makefile b/src/grp-initprogs/systemd-sysctl/Makefile
new file mode 100644
index 0000000000..3fe12fd460
--- /dev/null
+++ b/src/grp-initprogs/systemd-sysctl/Makefile
@@ -0,0 +1,33 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-sysctl
+systemd_sysctl_SOURCES = \
+	src/sysctl/sysctl.c
+
+systemd_sysctl_LDADD = \
+	libsystemd-shared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-initprogs/systemd-sysctl/sysctl.c b/src/grp-initprogs/systemd-sysctl/sysctl.c
new file mode 100644
index 0000000000..c44aa0aabb
--- /dev/null
+++ b/src/grp-initprogs/systemd-sysctl/sysctl.c
@@ -0,0 +1,287 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <getopt.h>
+#include <limits.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "basic/conf-files.h"
+#include "basic/def.h"
+#include "basic/fd-util.h"
+#include "basic/fileio.h"
+#include "basic/hashmap.h"
+#include "basic/log.h"
+#include "basic/path-util.h"
+#include "basic/string-util.h"
+#include "basic/strv.h"
+#include "basic/util.h"
+#include "shared/sysctl-util.h"
+
+static char **arg_prefixes = NULL;
+
+static const char conf_file_dirs[] = CONF_PATHS_NULSTR("sysctl.d");
+
+static int apply_all(Hashmap *sysctl_options) {
+        char *property, *value;
+        Iterator i;
+        int r = 0;
+
+        HASHMAP_FOREACH_KEY(value, property, sysctl_options, i) {
+                int k;
+
+                k = sysctl_write(property, value);
+                if (k < 0) {
+                        log_full_errno(k == -ENOENT ? LOG_INFO : LOG_WARNING, k,
+                                       "Couldn't write '%s' to '%s', ignoring: %m", value, property);
+
+                        if (r == 0 && k != -ENOENT)
+                                r = k;
+                }
+        }
+
+        return r;
+}
+
+static int parse_file(Hashmap *sysctl_options, const char *path, bool ignore_enoent) {
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        assert(path);
+
+        r = search_and_fopen_nulstr(path, "re", NULL, conf_file_dirs, &f);
+        if (r < 0) {
+                if (ignore_enoent && r == -ENOENT)
+                        return 0;
+
+                return log_error_errno(r, "Failed to open file '%s', ignoring: %m", path);
+        }
+
+        log_debug("Parsing %s", path);
+        while (!feof(f)) {
+                char l[LINE_MAX], *p, *value, *new_value, *property, *existing;
+                void *v;
+                int k;
+
+                if (!fgets(l, sizeof(l), f)) {
+                        if (feof(f))
+                                break;
+
+                        return log_error_errno(errno, "Failed to read file '%s', ignoring: %m", path);
+                }
+
+                p = strstrip(l);
+                if (!*p)
+                        continue;
+
+                if (strchr(COMMENTS "\n", *p))
+                        continue;
+
+                value = strchr(p, '=');
+                if (!value) {
+                        log_error("Line is not an assignment in file '%s': %s", path, value);
+
+                        if (r == 0)
+                                r = -EINVAL;
+                        continue;
+                }
+
+                *value = 0;
+                value++;
+
+                p = sysctl_normalize(strstrip(p));
+                value = strstrip(value);
+
+                if (!strv_isempty(arg_prefixes)) {
+                        char **i, *t;
+                        STRV_FOREACH(i, arg_prefixes) {
+                                t = path_startswith(*i, "/proc/sys/");
+                                if (t == NULL)
+                                        t = *i;
+                                if (path_startswith(p, t))
+                                        goto found;
+                        }
+                        /* not found */
+                        continue;
+                }
+
+found:
+                existing = hashmap_get2(sysctl_options, p, &v);
+                if (existing) {
+                        if (streq(value, existing))
+                                continue;
+
+                        log_debug("Overwriting earlier assignment of %s in file '%s'.", p, path);
+                        free(hashmap_remove(sysctl_options, p));
+                        free(v);
+                }
+
+                property = strdup(p);
+                if (!property)
+                        return log_oom();
+
+                new_value = strdup(value);
+                if (!new_value) {
+                        free(property);
+                        return log_oom();
+                }
+
+                k = hashmap_put(sysctl_options, property, new_value);
+                if (k < 0) {
+                        log_error_errno(k, "Failed to add sysctl variable %s to hashmap: %m", property);
+                        free(property);
+                        free(new_value);
+                        return k;
+                }
+        }
+
+        return r;
+}
+
+static void help(void) {
+        printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
+               "Applies kernel sysctl settings.\n\n"
+               "  -h --help             Show this help\n"
+               "     --version          Show package version\n"
+               "     --prefix=PATH      Only apply rules with the specified prefix\n"
+               , program_invocation_short_name);
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+        enum {
+                ARG_VERSION = 0x100,
+                ARG_PREFIX
+        };
+
+        static const struct option options[] = {
+                { "help",      no_argument,       NULL, 'h'           },
+                { "version",   no_argument,       NULL, ARG_VERSION   },
+                { "prefix",    required_argument, NULL, ARG_PREFIX    },
+                {}
+        };
+
+        int c;
+
+        assert(argc >= 0);
+        assert(argv);
+
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+
+                switch (c) {
+
+                case 'h':
+                        help();
+                        return 0;
+
+                case ARG_VERSION:
+                        return version();
+
+                case ARG_PREFIX: {
+                        char *p;
+
+                        /* We used to require people to specify absolute paths
+                         * in /proc/sys in the past. This is kinda useless, but
+                         * we need to keep compatibility. We now support any
+                         * sysctl name available. */
+                        sysctl_normalize(optarg);
+
+                        if (startswith(optarg, "/proc/sys"))
+                                p = strdup(optarg);
+                        else
+                                p = strappend("/proc/sys/", optarg);
+                        if (!p)
+                                return log_oom();
+
+                        if (strv_consume(&arg_prefixes, p) < 0)
+                                return log_oom();
+
+                        break;
+                }
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unhandled option");
+                }
+
+        return 1;
+}
+
+int main(int argc, char *argv[]) {
+        int r = 0, k;
+        Hashmap *sysctl_options;
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        umask(0022);
+
+        sysctl_options = hashmap_new(&string_hash_ops);
+        if (!sysctl_options) {
+                r = log_oom();
+                goto finish;
+        }
+
+        r = 0;
+
+        if (argc > optind) {
+                int i;
+
+                for (i = optind; i < argc; i++) {
+                        k = parse_file(sysctl_options, argv[i], false);
+                        if (k < 0 && r == 0)
+                                r = k;
+                }
+        } else {
+                _cleanup_strv_free_ char **files = NULL;
+                char **f;
+
+                r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to enumerate sysctl.d files: %m");
+                        goto finish;
+                }
+
+                STRV_FOREACH(f, files) {
+                        k = parse_file(sysctl_options, *f, true);
+                        if (k < 0 && r == 0)
+                                r = k;
+                }
+        }
+
+        k = apply_all(sysctl_options);
+        if (k < 0 && r == 0)
+                r = k;
+
+finish:
+        hashmap_free_free_free(sysctl_options);
+        strv_free(arg_prefixes);
+
+        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/src/grp-initprogs/systemd-sysctl/sysctl.d.xml b/src/grp-initprogs/systemd-sysctl/sysctl.d.xml
new file mode 100644
index 0000000000..ccf6c8e39f
--- /dev/null
+++ b/src/grp-initprogs/systemd-sysctl/sysctl.d.xml
@@ -0,0 +1,184 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!--
+  This file is part of systemd.
+
+  Copyright 2011 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+<refentry id="sysctl.d"
+    xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <refentryinfo>
+    <title>sysctl.d</title>
+    <productname>systemd</productname>
+
+    <authorgroup>
+      <author>
+        <contrib>Developer</contrib>
+        <firstname>Lennart</firstname>
+        <surname>Poettering</surname>
+        <email>lennart@poettering.net</email>
+      </author>
+    </authorgroup>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>sysctl.d</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>sysctl.d</refname>
+    <refpurpose>Configure kernel parameters at boot</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para><filename>/etc/sysctl.d/*.conf</filename></para>
+    <para><filename>/run/sysctl.d/*.conf</filename></para>
+    <para><filename>/usr/lib/sysctl.d/*.conf</filename></para>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>At boot,
+    <citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    reads configuration files from the above directories to configure
+    <citerefentry project='man-pages'><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    kernel parameters.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Configuration Format</title>
+
+    <para>The configuration files contain a list of variable
+    assignments, separated by newlines. Empty lines and lines whose
+    first non-whitespace character is <literal>#</literal> or
+    <literal>;</literal> are ignored.</para>
+
+    <para>Note that either <literal>/</literal> or
+    <literal>.</literal> may be used as separators within sysctl
+    variable names. If the first separator is a slash, remaining
+    slashes and dots are left intact. If the first separator is a dot,
+    dots and slashes are interchanged.
+    <literal>kernel.domainname=foo</literal> and
+    <literal>kernel/domainname=foo</literal> are equivalent and will
+    cause <literal>foo</literal> to be written to
+    <filename>/proc/sys/kernel/domainname</filename>. Either
+    <literal>net.ipv4.conf.enp3s0/200.forwarding</literal> or
+    <literal>net/ipv4/conf/enp3s0.200/forwarding</literal> may be used
+    to refer to
+    <filename>/proc/sys/net/ipv4/conf/enp3s0.200/forwarding</filename>.
+    </para>
+
+    <para>The settings configured with <filename>sysctl.d</filename>
+    files will be applied early on boot. The network
+    interface-specific options will also be applied individually for
+    each network interface as it shows up in the system. (More
+    specifically, <filename>net.ipv4.conf.*</filename>,
+    <filename>net.ipv6.conf.*</filename>,
+    <filename>net.ipv4.neigh.*</filename> and
+    <filename>net.ipv6.neigh.*</filename>).</para>
+
+    <para>Many sysctl parameters only become available when certain
+    kernel modules are loaded. Modules are usually loaded on demand,
+    e.g. when certain hardware is plugged in or network brought up.
+    This means that
+    <citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    which runs during early boot will not configure such parameters if
+    they become available after it has run. To set such parameters, it
+    is recommended to add an
+    <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+    rule to set those parameters when they become available.
+    Alternatively, a slightly simpler and less efficient option is to
+    add the module to
+    <citerefentry><refentrytitle>modules-load.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+    causing it to be loaded statically before sysctl settings are
+    applied (see example below).</para>
+  </refsect1>
+
+  <xi:include href="standard-conf.xml" xpointer="confd" />
+
+  <refsect1>
+    <title>Examples</title>
+    <example>
+      <title>Set kernel YP domain name</title>
+      <para><filename>/etc/sysctl.d/domain-name.conf</filename>:
+      </para>
+
+      <programlisting>kernel.domainname=example.com</programlisting>
+    </example>
+
+    <example>
+      <title>Apply settings available only when a certain module is loaded (method one)</title>
+      <para><filename>/etc/udev/rules.d/99-bridge.rules</filename>:
+      </para>
+
+      <programlisting>ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", \
+      RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge"
+</programlisting>
+
+      <para><filename>/etc/sysctl.d/bridge.conf</filename>:
+      </para>
+
+      <programlisting>net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+</programlisting>
+
+      <para>This method applies settings when the module is
+      loaded. Please note that, unless the <filename>br_netfilter</filename>
+      module is loaded, bridged packets will not be filtered by
+      Netfilter (starting with kernel 3.18), so simply not loading the
+      module is sufficient to avoid filtering.</para>
+    </example>
+
+    <example>
+      <title>Apply settings available only when a certain module is loaded (method two)</title>
+      <para><filename>/etc/modules-load.d/bridge.conf</filename>:
+      </para>
+
+      <programlisting>br_netfilter</programlisting>
+
+      <para><filename>/etc/sysctl.d/bridge.conf</filename>:
+      </para>
+
+      <programlisting>net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+</programlisting>
+
+      <para>This method forces the module to be always loaded. Please
+      note that, unless the <filename>br_netfilter</filename> module is
+      loaded, bridged packets will not be filtered with Netfilter
+      (starting with kernel 3.18), so simply not loading the module is
+      sufficient to avoid filtering.</para>
+    </example>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>sysctl.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+
+</refentry>
diff --git a/src/grp-initprogs/systemd-sysctl/systemd-sysctl.service.in b/src/grp-initprogs/systemd-sysctl/systemd-sysctl.service.in
new file mode 100644
index 0000000000..d784c6426d
--- /dev/null
+++ b/src/grp-initprogs/systemd-sysctl/systemd-sysctl.service.in
@@ -0,0 +1,21 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Apply Kernel Variables
+Documentation=man:systemd-sysctl.service(8) man:sysctl.d(5)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-modules-load.service
+Before=sysinit.target shutdown.target
+ConditionPathIsReadWrite=/proc/sys/
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@rootlibexecdir@/systemd-sysctl
+TimeoutSec=90s
diff --git a/src/grp-initprogs/systemd-sysctl/systemd-sysctl.service.xml b/src/grp-initprogs/systemd-sysctl/systemd-sysctl.service.xml
new file mode 100644
index 0000000000..686b2cdef4
--- /dev/null
+++ b/src/grp-initprogs/systemd-sysctl/systemd-sysctl.service.xml
@@ -0,0 +1,152 @@
+<?xml version="1.0"?>
+<!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!--
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+<refentry id="systemd-sysctl.service"
+    xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <refentryinfo>
+    <title>systemd-sysctl.service</title>
+    <productname>systemd</productname>
+
+    <authorgroup>
+      <author>
+        <contrib>Developer</contrib>
+        <firstname>Lennart</firstname>
+        <surname>Poettering</surname>
+        <email>lennart@poettering.net</email>
+      </author>
+    </authorgroup>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>systemd-sysctl.service</refentrytitle>
+    <manvolnum>8</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>systemd-sysctl.service</refname>
+    <refname>systemd-sysctl</refname>
+    <refpurpose>Configure kernel parameters at boot</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>/usr/lib/systemd/systemd-sysctl</command>
+      <arg choice="opt" rep="repeat">OPTIONS</arg>
+      <arg choice="opt" rep="repeat"><replaceable>CONFIGFILE</replaceable></arg>
+    </cmdsynopsis>
+    <para><filename>systemd-sysctl.service</filename></para>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><filename>systemd-sysctl.service</filename> is an early boot
+    service that configures
+    <citerefentry project='man-pages'><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    kernel parameters by invoking <command>/usr/lib/systemd/systemd-sysctl</command>.</para>
+
+    <para>When invoked with no arguments, <command>/usr/lib/systemd/systemd-sysctl</command> applies
+    all directives from configuration files listed in
+    <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+    If one or more filenames are passed on the command line, only the directives in these files are
+    applied.</para>
+
+    <para>In addition, <option>--prefix=</option> option may be used to limit which sysctl
+    settings are applied.</para>
+
+    <para>See
+    <citerefentry project='man-pages'><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+    for information about the configuration of sysctl settings. After sysctl configuration is
+    changed on disk, it must be written to the files in <filename>/proc/sys</filename> before it
+    takes effect. It is possible to update specific settings, or simply to reload all configuration,
+    see Examples below.</para>
+  </refsect1>
+
+  <refsect1><title>Options</title>
+    <variablelist>
+      <varlistentry id='prefix'>
+        <term><option>--prefix=</option></term>
+        <listitem>
+          <para>Only apply rules with the specified prefix.</para>
+        </listitem>
+      </varlistentry>
+
+      <xi:include href="standard-options.xml" xpointer="help" />
+      <xi:include href="standard-options.xml" xpointer="version" />
+
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>Examples</title>
+
+    <example>
+      <title>Reset all sysctl settings</title>
+
+      <programlisting>systemctl restart systemd-sysctl</programlisting>
+    </example>
+
+    <example>
+      <title>View coredump handler configuration</title>
+
+      <programlisting># sysctl kernel.core_pattern
+kernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t %P %I
+</programlisting>
+    </example>
+
+    <example>
+      <title>Update coredump handler configuration</title>
+
+      <programlisting># /usr/lib/systemd/systemd-sysctl --prefix kernel.core_pattern</programlisting>
+
+      <para>This searches all the directories listed in
+      <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      for configuration files and writes <filename>/proc/sys/kernel/core_pattern</filename>.</para>
+    </example>
+
+    <example>
+      <title>Update coredump handler configuration according to a specific file</title>
+
+      <programlisting># /usr/lib/systemd/systemd-sysctl 50-coredump.conf</programlisting>
+
+      <para>This applies all the settings found in <filename>50-coredump.conf</filename>.
+      Either <filename>/etc/sysctl.d/50-coredump.conf</filename>, or
+      <filename>/run/sysctl.d/50-coredump.conf</filename>, or
+      <filename>/usr/lib/sysctl.d/50-coredump.conf</filename> will be used, in the order
+      of preference.</para>
+    </example>
+
+    <para>See
+    <citerefentry project='man-pages'><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    for various ways to directly apply sysctl settings.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+    </para>
+  </refsect1>
+
+</refentry>
-- 
cgit v1.2.3-54-g00ecf