Kernel tunables (sysctl)
The Linux kernel offers a plethora of knobs under
/proc/sys to control the availability of different features and tune performance parameters.
/proc/sys can be changed directly at runtime, but such changes will not be persisted across reboots.
Persistent settings should be written under
/etc/sysctl.d/ during provisioning, in order to be applied on each boot.
As an example, the Butane snippet below shows how to disable SysRq keys:
variant: fcos version: 1.3.0 storage: files: - path: /etc/sysctl.d/90-sysrq.conf contents: inline: | kernel.sysrq = 0