From 8f27a2212ee8d6311c88ef4358953ad0d7bfa851 Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Fri, 15 Mar 2013 16:11:56 +0100
Subject: [PATCH 1/1] sysctl: add 50-default.conf

---
 Makefile.am              |  3 +++
 sysctl.d/.gitignore      |  2 +-
 sysctl.d/50-default.conf | 21 +++++++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 sysctl.d/50-default.conf

diff --git a/Makefile.am b/Makefile.am
index 6978bfb9e..f687eca0c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -330,6 +330,9 @@ dist_tmpfiles_DATA = \
 	tmpfiles.d/tmp.conf \
 	tmpfiles.d/x11.conf
 
+dist_sysctl_DATA = \
+	sysctl.d/50-default.conf
+
 if HAVE_SYSV_COMPAT
 dist_tmpfiles_DATA += \
 	tmpfiles.d/legacy.conf
diff --git a/sysctl.d/.gitignore b/sysctl.d/.gitignore
index 7563539ab..e326c180c 100644
--- a/sysctl.d/.gitignore
+++ b/sysctl.d/.gitignore
@@ -1 +1 @@
-/coredump.conf
+/50-coredump.conf
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
new file mode 100644
index 000000000..8d202a63e
--- /dev/null
+++ b/sysctl.d/50-default.conf
@@ -0,0 +1,21 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See sysctl.d(5) and core(5) for for details.
+
+# Append the PID to the core filename
+kernel.core_uses_pid = 1
+
+# Source route verification
+net.ipv4.conf.default.rp_filter = 1
+
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+
+# Enable hard and soft link protection
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1
-- 
2.30.2