From c96de4bab61768470e2ab47871efcfcb13e67779 Mon Sep 17 00:00:00 2001
From: Donald Buczek
Date: Mon, 30 Nov 2020 17:28:54 +0100
Subject: [PATCH 1/2] Import existing /etc/sysctl.conf
---
 install.sh | 1 +
 misc_etc_files/sysctl.conf | 43 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 misc_etc_files/sysctl.conf
diff --git a/install.sh b/install.sh
index ef04b9b..ed0f448 100755
--- a/install.sh
+++ b/install.sh
@@ -207,6 +207,7 @@ done
 install_symlink /usr/bin/prun "$DESTDIR$usrlocal_prefix/package/bin/prun"
 install_symlink /usr/bin/ptype "$DESTDIR$usrlocal_prefix/package/bin/ptype"
 install_symlink /usr/bin/pman "$DESTDIR$usrlocal_prefix/package/bin/pman"
+install_data misc_etc_files/sysctl.conf "$DESTDIR$sysconfdir/sysctl.conf"
 postinstall
 exit
diff --git a/misc_etc_files/sysctl.conf b/misc_etc_files/sysctl.conf
new file mode 100644
index 0000000..e0e23fa
--- /dev/null
+++ b/misc_etc_files/sysctl.conf
@@ -0,0 +1,43 @@
+#
+# alloc() - return NULL when no more memory can be allocated..
+#
+vm.overcommit_memory = 2
+vm.overcommit_ratio = 100
+
+#
+# some network pimping..
+#
+net.ipv4.ipfrag_low_thresh = 524288
+net.ipv4.ipfrag_high_thresh = 524288
+
+# You should consider increasing this number to at least 256k for nfsd.
+#net.core.rmem_default = 262144
+#net.core.rmem_max = 262144
+
+# likely not enough, nfs4 problems in cluster
+# rpc-srv/tcp: nfsd: sent only 949168 when sending 1048640 bytes - shutting down socket
+net.core.rmem_max = 16777216
+net.core.wmem_max = 16777216
+net.core.rmem_default = 262144
+net.core.wmem_default = 262144
+net.ipv4.tcp_rmem = 4096 87380 16777216
+net.ipv4.tcp_wmem = 4096 65536 16777216
+net.ipv4.tcp_mem = 16777216 16777216 16777216
+net.ipv4.route.flush = 1
+
+# exploit fix for linux < 2.6.32rc6
+# vm.mmap_min_addr = 4096
+
+
+# don't arp reply on all interfaces
+net.ipv4.conf.all.arp_filter = 1
+
+# disable ipv6
+net.ipv6.conf.all.disable_ipv6 = 1
+
+# on user request increase the number of inode watches.
+# 256k should be fine. (default is 8k)
+fs.inotify.max_user_watches = 262144
+
+kernel.shmmax = 34359738368
+kernel.shmall = 34359738368
From 82d2618a87c3568509d4f6318b4aebbb3e1acabc Mon Sep 17 00:00:00 2001
From: Donald Buczek
Date: Mon, 30 Nov 2020 17:33:33 +0100
Subject: [PATCH 2/2] Allow CPU event access by users
---
 misc_etc_files/sysctl.conf | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/misc_etc_files/sysctl.conf b/misc_etc_files/sysctl.conf
index e0e23fa..1887b7e 100644
--- a/misc_etc_files/sysctl.conf
+++ b/misc_etc_files/sysctl.conf
@@ -41,3 +41,7 @@ fs.inotify.max_user_watches = 262144

 kernel.shmmax = 34359738368
 kernel.shmall = 34359738368
+
+# user request: Allow CPU event access by users without CAP_SYS_ADMIN
+
+kernel.perf_event_paranoid = 1
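Review bot: `net.ipv4.tcp_mem = 16777216 16777216 16777216` looks like a byte value carried over from the `rmem`/`wmem` lines, but the kernel counts `tcp_mem` in pages, so with 4 KiB pages all three thresholds sit at 64 GiB. On most hosts that means TCP memory pressure and the hard limit never engage, which removes the kernel's guard against socket buffers exhausting memory under a connection flood. Since this commit imports the file as it exists, a follow-up could drop the line so the boot-time auto-sized values apply, or at least annotate it with `# tcp_mem is counted in pages, not bytes - value to be reviewed`. `kernel.shmall` is likewise counted in pages while `kernel.shmmax` is in bytes, so giving both 34359738368 is probably the same unit mix-up.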
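Review bot: The comment above `kernel.perf_event_paranoid = 1` does not match what the value does: in the kernel's sysctl documentation, levels `>=1` still disallow CPU event access for users without the capability, and what 1 permits, compared with the usual default of 2, is kernel profiling by unprivileged users. That matters because kernel-mode sampling exposes kernel addresses and timing to every local account and widens the `perf_event_open` surface reachable without privilege. If kernel profiling is what the user asked for, the comment should say so, e.g. `# user request: allow kernel profiling by unprivileged users (default 2); CPU-wide events still need CAP_SYS_ADMIN`. Where the deployed kernels are new enough to have `CAP_PERFMON`, leaving the sysctl at 2 and granting that capability to a `perf` binary restricted to a dedicated group would confine the access to the users who need it.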