Commit 5ae3b7b5 authored by Rocky Automation's avatar Rocky Automation 📺
Browse files

import imports/r9/rocky-release-8.6-2.el8

parents
# These defaults are from upstream and are not patched into systemd like in el8
# https://bugzilla.redhat.com/show_bug.cgi?id=1689346
kernel.kptr_restrict = 1
# Source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.*.rp_filter = 1
-net.ipv4.conf.all.rp_filter
# These defaults are from upstream and are not patched into systemd like in el8
# https://bugzilla.redhat.com/show_bug.cgi?id=1689346
kernel.kptr_restrict = 1
# Source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.*.rp_filter = 1
-net.ipv4.conf.all.rp_filter
# We enable all display managers by default. Since only one can
# actually be enabled at the same time the one which is installed
# first wins
enable gdm.service
enable lightdm.service
enable slim.service
enable lxdm.service
enable sddm.service
enable kdm.service
enable xdm.service
# We enable all display managers by default. Since only one can
# actually be enabled at the same time the one which is installed
# first wins
enable gdm.service
enable lightdm.service
enable slim.service
enable lxdm.service
enable sddm.service
enable kdm.service
enable xdm.service
# Enable the D-Bus service (including its socket for socket activation)
# unconditionally. It is used throughout Fedora and required on all machines.
# https://src.fedoraproject.org/rpms/fedora-release/pull-request/4
# https://fedoraproject.org/w/index.php?title=Starting_services_by_default&oldid=377748
enable dbus.socket
enable dbus-broker.service
# Socket-activated pipewire service for individual user sessions
# https://bugzilla.redhat.com/show_bug.cgi?id=1592434
enable pipewire.socket
# Enable the PipeWire PulseAudio compatibility socket interface
# https://bugzilla.redhat.com/show_bug.cgi?id=1904239
# https://bugzilla.redhat.com/show_bug.cgi?id=1907906
# https://fedoraproject.org/wiki/Changes/DefaultPipeWire
enable pipewire-pulse.socket
# https://bugzilla.redhat.com/show_bug.cgi?id=1976006
enable pipewire-media-session.service
# https://bugzilla.redhat.com/show_bug.cgi?id=2022717
enable wireplumber.service
# Enable the D-Bus service (including its socket for socket activation)
# unconditionally. It is used throughout Fedora and required on all machines.
# https://src.fedoraproject.org/rpms/fedora-release/pull-request/4
# https://fedoraproject.org/w/index.php?title=Starting_services_by_default&oldid=377748
enable dbus.socket
enable dbus-broker.service
# Socket-activated pipewire service for individual user sessions
# https://bugzilla.redhat.com/show_bug.cgi?id=1592434
enable pipewire.socket
# Enable the PipeWire PulseAudio compatibility socket interface
# https://bugzilla.redhat.com/show_bug.cgi?id=1904239
# https://bugzilla.redhat.com/show_bug.cgi?id=1907906
# https://fedoraproject.org/wiki/Changes/DefaultPipeWire
enable pipewire-pulse.socket
# https://bugzilla.redhat.com/show_bug.cgi?id=1976006
enable pipewire-media-session.service
# https://bugzilla.redhat.com/show_bug.cgi?id=2022717
enable wireplumber.service
# Also see:
# https://fedoraproject.org/wiki/Starting_services_by_default
disable systemd-timesyncd.service
disable systemd-resolved.service
# systemd
enable remote-fs.target
enable getty@tty1.service
# System stuff
enable sshd.service
enable atd.*
enable crond.*
enable chronyd.service
enable rpcbind.*
enable NetworkManager.service
enable NetworkManager-dispatcher.service
enable ModemManager.service
enable auditd.service
enable restorecond.service
enable bluetooth.*
enable avahi-daemon.*
enable cups.*
# The various syslog implementations
enable rsyslog.*
enable syslog-ng.*
enable sysklogd.*
# Network facing
enable firewalld.service
enable xinetd.service
enable ladvd.service
# Virtualization driver specific daemons. Start by defalt at boot for VM
# autostart, but shutdown after 2 mins and socket activated thereafter
enable virtqemud.service
# Compatibility with libvirtd sockets for old clients and expose TCP sockets
enable virtproxyd.socket
# Secondary drivers providing supporting functionality to main virtualization
# drivers, socket activated only when required
enable virtinterfaced.socket
enable virtnetworkd.socket
enable virtnodedevd.socket
enable virtnwfilterd.socket
enable virtsecretd.socket
enable virtstoraged.socket
# Storage
enable multipathd.service
enable libstoragemgmt.service
enable lvm2-lvmpolld.socket
enable lvm2-monitor.*
enable lvm2-lvmetad.*
enable dm-event.*
enable dmraid-activation.service
# https://bugzilla.redhat.com/show_bug.cgi?id=855372
enable mdmonitor.service
enable mdmonitor-takeover.service
# https://bugzilla.redhat.com/show_bug.cgi?id=876237
enable spice-vdagentd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=885406
enable qemu-guest-agent.service
# https://bugzilla.redhat.com/show_bug.cgi?id=928726
enable dnf-makecache.timer
# https://bugzilla.redhat.com/show_bug.cgi?id=957135
enable vmtoolsd.service
# mcelog is a utility that collects and decodes Machine Check Exception data
# on x86-32 and x86-64 systems.
# https://bugzilla.redhat.com/show_bug.cgi?id=1302179
enable mcelog.service
#https://bugzilla.redhat.com/show_bug.cgi?id=995987
enable kdump.service
#https://bugzilla.redhat.com/show_bug.cgi?id=1009970
enable tuned.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1215645
enable unbound-anchor.timer
# Enable SSSD Kerberos Credential Cache Server
# https://bugzilla.redhat.com/show_bug.cgi?id=1558927
enable sssd-kcm.socket
# https://bugzilla.redhat.com/show_bug.cgi?id=1578833
enable sssd.service
# Hardware
enable gpm.*
enable gpsd.*
enable irqbalance.service
enable lm_sensors.service
enable mcelog.*
enable microcode.service
enable smartd.service
enable pcscd.socket
enable rngd.service
# Other stuff
enable abrtd.service
enable abrt-journal-core.service
enable abrt-oops.service
enable abrt-xorg.service
enable abrt-vmcore.service
enable lttng-sessiond.service
enable ksm.service
enable ksmtuned.service
enable rootfs-resize.service
enable sysstat.service
enable uuidd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1193616
enable hypervfcopyd.service
enable hypervkvpd.service
enable hypervvssd.service
# Desktop stuff
enable accounts-daemon.service
enable rtkit-daemon.service
enable upower.service
enable udisks2.service
enable packagekit-offline-update.service
enable PackageKit.service
# https://bugzilla.redhat.com/show_bug.cgi?id=2011240
enable power-profiles-daemon.service
# Initial Setup reconfiguration service
enable initial-setup-reconfiguration.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1312446
enable opal-prd.service
# virtlog.service is sometimes used by VMs started by libvirt.service
# Enable virtlog.socket to have it socket activated
# https://bugzilla.redhat.com/show_bug.cgi?id=1325503
enable virtlogd.socket
# https://bugzilla.redhat.com/show_bug.cgi?id=1271839
enable rhsmcertd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1359645
enable brandbot.*
# https://bugzilla.redhat.com/show_bug.cgi?id=1572550
enable timedatex.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1578870
enable selinux-autorelabel-mark.service
enable rhel-configure.service
enable rhel-dmesg.service
# https://github.com/fedora-sysv/initscripts/commit/37109fdf9808
enable nis-domainname.service
enable import-state.service
enable loadmodules.service
enable readonly-root.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1630200
# s390x specific services
enable cpi.service
enable device_cio_free.service
# Enable the stratis daemon for managing stratis storage
# https://bugzilla.redhat.com/show_bug.cgi?id=1632510
enable stratisd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1817591
enable mlocate-updatedb.timer
# nvme auto connect
# https://bugzilla.redhat.com/show_bug.cgi?id=1805466
enable nvmefc-boot-connections.service
# OSTree based systems need to remount /sysroot and
# /var as rw via ostree-remount.service
# ignored by non-OSTree based systems
# https://bugzilla.redhat.com/show_bug.cgi?id=1848453
enable ostree-remount.service
# DBus needed by Anaconda
enable dbus.socket
enable dbus-broker.service
# Enable iscsi service files
# https://bugzilla.redhat.com/show_bug.cgi?id=1930458
enable iscsi.service
enable iscsid.socket
enable iscsiuio.socket
enable iscsi-onboot.service
# Enable logrotate.timer
# https://bugzilla.redhat.com/show_bug.cgi?id=1977865
enable logrotate.timer
# Enable greenboot
# https://bugzilla.redhat.com/show_bug.cgi?id=2005552
enable greenboot-grub2-set-counter.service
enable greenboot-grub2-set-success.service
enable greenboot-healthcheck.service
enable greenboot-rpm-ostree-grub2-check-fallback.service
enable greenboot-status.service
enable greenboot-task-runner.service
enable redboot-auto-reboot.service
enable redboot-task-runner.service
# https://bugzilla.redhat.com/show_bug.cgi?id=2013299
enable low-memory-monitor.service
# https://bugzilla.redhat.com/show_bug.cgi?id=2049627
enable switcheroo-control.service
# Also see:
# https://fedoraproject.org/wiki/Starting_services_by_default
disable systemd-timesyncd.service
disable systemd-resolved.service
# systemd
enable remote-fs.target
enable getty@tty1.service
# System stuff
enable sshd.service
enable atd.*
enable crond.*
enable chronyd.service
enable rpcbind.*
enable NetworkManager.service
enable NetworkManager-dispatcher.service
enable ModemManager.service
enable auditd.service
enable restorecond.service
enable bluetooth.*
enable avahi-daemon.*
enable cups.*
# The various syslog implementations
enable rsyslog.*
enable syslog-ng.*
enable sysklogd.*
# Network facing
enable firewalld.service
enable xinetd.service
enable ladvd.service
# Virtualization driver specific daemons. Start by defalt at boot for VM
# autostart, but shutdown after 2 mins and socket activated thereafter
enable virtqemud.service
# Compatibility with libvirtd sockets for old clients and expose TCP sockets
enable virtproxyd.socket
# Secondary drivers providing supporting functionality to main virtualization
# drivers, socket activated only when required
enable virtinterfaced.socket
enable virtnetworkd.socket
enable virtnodedevd.socket
enable virtnwfilterd.socket
enable virtsecretd.socket
enable virtstoraged.socket
# Storage
enable multipathd.service
enable libstoragemgmt.service
enable lvm2-lvmpolld.socket
enable lvm2-monitor.*
enable lvm2-lvmetad.*
enable dm-event.*
enable dmraid-activation.service
# https://bugzilla.redhat.com/show_bug.cgi?id=855372
enable mdmonitor.service
enable mdmonitor-takeover.service
# https://bugzilla.redhat.com/show_bug.cgi?id=876237
enable spice-vdagentd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=885406
enable qemu-guest-agent.service
# https://bugzilla.redhat.com/show_bug.cgi?id=928726
enable dnf-makecache.timer
# https://bugzilla.redhat.com/show_bug.cgi?id=957135
enable vmtoolsd.service
# mcelog is a utility that collects and decodes Machine Check Exception data
# on x86-32 and x86-64 systems.
# https://bugzilla.redhat.com/show_bug.cgi?id=1302179
enable mcelog.service
#https://bugzilla.redhat.com/show_bug.cgi?id=995987
enable kdump.service
#https://bugzilla.redhat.com/show_bug.cgi?id=1009970
enable tuned.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1215645
enable unbound-anchor.timer
# Enable SSSD Kerberos Credential Cache Server
# https://bugzilla.redhat.com/show_bug.cgi?id=1558927
enable sssd-kcm.socket
# https://bugzilla.redhat.com/show_bug.cgi?id=1578833
enable sssd.service
# Hardware
enable gpm.*
enable gpsd.*
enable irqbalance.service
enable lm_sensors.service
enable mcelog.*
enable microcode.service
enable smartd.service
enable pcscd.socket
enable rngd.service
# Other stuff
enable abrtd.service
enable abrt-journal-core.service
enable abrt-oops.service
enable abrt-xorg.service
enable abrt-vmcore.service
enable lttng-sessiond.service
enable ksm.service
enable ksmtuned.service
enable rootfs-resize.service
enable sysstat.service
enable uuidd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1193616
enable hypervfcopyd.service
enable hypervkvpd.service
enable hypervvssd.service
# Desktop stuff
enable accounts-daemon.service
enable rtkit-daemon.service
enable upower.service
enable udisks2.service
enable packagekit-offline-update.service
enable PackageKit.service
# https://bugzilla.redhat.com/show_bug.cgi?id=2011240
enable power-profiles-daemon.service
# Initial Setup reconfiguration service
enable initial-setup-reconfiguration.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1312446
enable opal-prd.service
# virtlog.service is sometimes used by VMs started by libvirt.service
# Enable virtlog.socket to have it socket activated
# https://bugzilla.redhat.com/show_bug.cgi?id=1325503
enable virtlogd.socket
# https://bugzilla.redhat.com/show_bug.cgi?id=1271839
enable rhsmcertd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1359645
enable brandbot.*
# https://bugzilla.redhat.com/show_bug.cgi?id=1572550
enable timedatex.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1578870
enable selinux-autorelabel-mark.service
enable rhel-configure.service
enable rhel-dmesg.service
# https://github.com/fedora-sysv/initscripts/commit/37109fdf9808
enable nis-domainname.service
enable import-state.service
enable loadmodules.service
enable readonly-root.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1630200
# s390x specific services
enable cpi.service
enable device_cio_free.service
# Enable the stratis daemon for managing stratis storage
# https://bugzilla.redhat.com/show_bug.cgi?id=1632510
enable stratisd.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1817591
enable mlocate-updatedb.timer
# nvme auto connect
# https://bugzilla.redhat.com/show_bug.cgi?id=1805466
enable nvmefc-boot-connections.service
# OSTree based systems need to remount /sysroot and
# /var as rw via ostree-remount.service
# ignored by non-OSTree based systems
# https://bugzilla.redhat.com/show_bug.cgi?id=1848453
enable ostree-remount.service
# DBus needed by Anaconda
enable dbus.socket
enable dbus-broker.service
# Enable iscsi service files
# https://bugzilla.redhat.com/show_bug.cgi?id=1930458
enable iscsi.service
enable iscsid.socket
enable iscsiuio.socket
enable iscsi-onboot.service
# Enable greenboot
# https://bugzilla.redhat.com/show_bug.cgi?id=2005552
enable greenboot-grub2-set-counter.service
enable greenboot-grub2-set-success.service
enable greenboot-healthcheck.service
enable greenboot-rpm-ostree-grub2-check-fallback.service
enable greenboot-status.service
enable greenboot-task-runner.service
enable redboot-auto-reboot.service
enable redboot-task-runner.service
# https://bugzilla.redhat.com/show_bug.cgi?id=2013299
enable low-memory-monitor.service
# Final disable all
disable *
# Final disable all
disable *
# Community Charter
The Community Charter of the Rocky Enterprise Software Foundation
### Preamble
Enterprise organizations are becoming concerned with using open source software
due to recent events where projects have changed licensing or pivoted to limit
usage due to competition, business models, conflicts of interest, or other
motivation.
We do not assume the open source mindset lightly. It is not a marketing tool, or
a business endeavor. Open source is a development model designed to engage and
foster collaboration and usage. It is a decision which should be carefully
considered, as it should be expected that others, including competitors, will
make use of the technologies that are created by it.
The Rocky Enterprise Software Foundation (RESF) has been created to organize a
community around enterprise, research, academia, individuals, and other
institutions to collaborate on building and maintaining the open source tools
that these organizations need.
Our mission is to provide the confidence and stability necessary to build on
open source projects. Together, we can create a stable foundation of open source
software that companies can use internally, or as the basis for their commercial
needs.
### Purpose
The purpose of this document is to define the vision, mission, principles, and
values of the Rocky Enterprise Software Foundation. We stand together,
voluntarily accountable to this charter by our peers and the enterprise
community at large.
### Vision
A community of individuals and organizations, committed to working together to
provide a stable foundation of open source software within the enterprise.
### Mission
- Build a community of individuals and organizations to develop and foster
enterprise-grade, open source solutions. - Work together to provide for the
needs of the enterprise community. - The security, stability, and integrity of
our projects are paramount. - Enable knowledge sharing, inclusiveness,
collaboration, and open communication. - Coordinate with the commercial,
research, academic, and public sectors to help bring their products,
technologies, and support into enterprise environments. - Always make decisions
in the best interest of the enterprise community while being beholden to no
specific organization(s)
### Principles
Principles are fundamental truths, immutable, and they guide the decisions we
make and the goals that we set. No action can be made by us that is contrary to
the following principles:
- Community responsibility. The Rocky Enterprise Software Foundation is
responsible and accountable only to the community that consumes its projects.
RESF shall be structured and governed in a way that ensures that no single
entity, organization, corporation, association, etc. will be permitted to have a
controlling influence over the RESF or its projects.
- Our projects are free and open source. With few exceptions (branding, legal,
etc.), the work generated by the RESF and its community will be released under
an existing OSI permissive open source license (non-copyleft).
- Trust is paramount. While decisions may sometimes need to be made that balance
opposing perspectives, at all times we strive toward building and maintaining
the overall trust such that the community feels confident in leveraging and
standardizing on the resulting work of this organization for both commercial and
internal usage. - Remain transparent. To the degree that we are reasonably able,
the RESF will remain transparent to the community as defined by our data security
policy: https://forums.rockylinux.org/t/rfc-data-classification-policy/1513
- Equality of Opportunity: The RESF will strive to build and maintain a
collaborative and respectful environment that provides equal access to
opportunities and resources for everyone within the community.
### Values
We derive our values from our principles. It is with these values in mind that
we make decisions, always striving to make the best decision possible with the
data we have at hand.
- Be practical. As open source advocates, our inclination toward solving
problems is to use tools that are themselves permissible open source, but the
best practical solution to a problem may preclude that. We use the right tool
for the right job.
- Be reasonable. Respect is given and trust is earned. Input from all
contributors are valued, and all perspectives are sought after and considered.
Knowledge and righteousness does not follow seniority.
- Team ahead of self. Sycophants are not valuable to an organization, but
neither are contrarians. We respectfully vocalize our concerns but pull
together to drive forward once a decision has been reached.
- Enable the enterprise community. While we are starting with creating a stable
downstream enterprise distribution of Linux, our goals are much broader,
including attention to the needs of special interests, project hosting,
education, collaboration, workshops, meetups, and individuals.
- Consider the human. Rocky Linux is developed and supported by a wide group of
diverse individuals from all walks of life. We are strictly apolitical and will
always assume the best intentions of others.
### Get Involved
We welcome feedback for this charter, and we encourage participation and