From 37a7bb4932f9988dba74a63db938099b9ce7fe60 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Thu, 22 Aug 2013 18:18:36 -0400 Subject: [PATCH 1/6] fix(coreos-base/coreos-base): Remove old ChromeOS files. The udev rules are required on our system and refer to non-existent groups causing udev to spew a bit of useless noise on boot. The profile.d scripts don't do anything at all. --- .../coreos-base/coreos-base-0.ebuild | 21 ------------------- .../coreos-base/coreos-base/files/cursor.sh | 7 ------- .../coreos-base/files/include-coreos-auth | 1 - .../files/udev-rules/55-serial.rules | 9 -------- .../coreos-base/files/udev-rules/99-i2c.rules | 5 ----- .../files/udev-rules/99-usb-printer.rules | 8 ------- .../coreos-base/files/xauthority.sh | 1 - 7 files changed, 52 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/cursor.sh delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/include-coreos-auth delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/udev-rules/55-serial.rules delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/udev-rules/99-i2c.rules delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/udev-rules/99-usb-printer.rules delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/xauthority.sh diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild index f3b886d870..26bf57ff90 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild 
@@ -15,7 +15,6 @@ IUSE="cros_host" # We need to make sure timezone-data is merged before us. # See pkg_setup below as well as http://crosbug.com/27413 # and friends. -# TODO: !app-misc/editor-wrapper DEPEND="sys-apps/baselayout ! Date: Thu, 22 Aug 2013 18:22:06 -0400 Subject: [PATCH 2/6] fix(coreos-base/coreos-base): Update users and groups. Remove the following unused users/groups: - core-access - polkituser - pkcs11 - ipsec - tor - tcpdump - debugd - openvpn - input Add groups: - docker (new group, for things like access to docker socket) - systemd-journal (exists in sdk, not images. for journal log access) - dialout (exists in sdk, required by default udev rules) The core user has access to docker and systemd-journal. --- .../coreos-base/coreos-base-0.ebuild | 46 ++++++++----------- 1 file changed, 18 insertions(+), 28 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild index 26bf57ff90..bd812eb524 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild @@ -159,8 +159,8 @@ pkg_postinst() { # Add a chronos-access group to provide non-chronos users, # mostly system daemons running as a non-chronos user, group permissions # to access files/directories owned by chronos. - local system_access_user="core-access" - local system_access_id="1001" +# local system_access_user="core-access" +# local system_access_id="1001" local crypted_password='*' [ -r "${SHARED_USER_PASSWD_FILE}" ] && 
@@ -172,28 +172,28 @@ pkg_postinst() { add_shadow "${system_user}" "${crypted_password}" copy_or_add_group "${system_user}" "${system_id}" - copy_or_add_daemon_user "${system_access_user}" "${system_access_id}" +# copy_or_add_daemon_user "${system_access_user}" "${system_access_id}" copy_or_add_daemon_user "messagebus" 201 # For dbus copy_or_add_daemon_user "syslog" 202 # For rsyslog copy_or_add_daemon_user "ntp" 203 copy_or_add_daemon_user "sshd" 204 - copy_or_add_daemon_user "polkituser" 206 # For policykit +# copy_or_add_daemon_user "polkituser" 206 # For policykit # copy_or_add_daemon_user "tss" 207 # For trousers (TSS/TPM) - copy_or_add_daemon_user "pkcs11" 208 # For pkcs11 clients +# copy_or_add_daemon_user "pkcs11" 208 # For pkcs11 clients # copy_or_add_daemon_user "qdlservice" 209 # for QDLService # copy_or_add_daemon_user "cromo" 210 # For cromo (modem manager) # copy_or_add_daemon_user "cashew" 211 # Deprecated, do not reuse - copy_or_add_daemon_user "ipsec" 212 # For strongswan/ipsec VPN +# copy_or_add_daemon_user "ipsec" 212 # For strongswan/ipsec VPN # copy_or_add_daemon_user "cros-disks" 213 # For cros-disks - copy_or_add_daemon_user "tor" 214 # For tor (anonymity service) - copy_or_add_daemon_user "tcpdump" 215 # For tcpdump --with-user - copy_or_add_daemon_user "debugd" 216 # For debugd - copy_or_add_daemon_user "openvpn" 217 # For openvpn +# copy_or_add_daemon_user "tor" 214 # For tor (anonymity service) +# copy_or_add_daemon_user "tcpdump" 215 # For tcpdump --with-user +# copy_or_add_daemon_user "debugd" 216 # For debugd +# copy_or_add_daemon_user "openvpn" 217 # For openvpn # copy_or_add_daemon_user "bluetooth" 218 # For bluez # copy_or_add_daemon_user "wpa" 219 # For wpa_supplicant # copy_or_add_daemon_user "cras" 220 # For cras (audio) # copy_or_add_daemon_user "gavd" 221 # For gavd (audio) (deprecated) - copy_or_add_daemon_user "input" 222 # For /dev/input/event access +# copy_or_add_daemon_user "input" 222 # For /dev/input/event access # 
copy_or_add_daemon_user "chaps" 223 # For chaps (pkcs11) copy_or_add_daemon_user "dhcp" 224 # For dhcpcd (DHCP client) # copy_or_add_daemon_user "tpmd" 225 # For tpmd @@ -204,27 +204,17 @@ pkg_postinst() { # copy_or_add_daemon_user "devbroker" 230 # For permission_broker # copy_or_add_daemon_user "xorg" 231 # For Xorg copy_or_add_daemon_user "etcd" 232 # For etcd - # Reserve some UIDs/GIDs between 300 and 349 for sandboxing FUSE-based - # filesystem daemons. + copy_or_add_daemon_user "docker" 233 # For docker + copy_or_add_group "systemd-journal" 248 # For journalctl access + copy_or_add_group "dialout" 249 # For udev rules # copy_or_add_daemon_user "ntfs-3g" 300 # For ntfs-3g prcoess # copy_or_add_daemon_user "avfs" 301 # For avfs process # copy_or_add_daemon_user "fuse-exfat" 302 # For exfat-fuse prcoess +# copy_or_add_group "serial" 402 - # Users which require access to PKCS #11 cryptographic services must be - # in the pkcs11 group. - remove_all_users_from_group pkcs11 - add_users_to_group pkcs11 root ipsec "${system_user}" - - # All users accessing opencryptoki database files and all users for - # sandboxing FUSE-based filesystem daemons need to be in the - # ${system_access_user} group. - remove_all_users_from_group "${system_access_user}" - add_users_to_group "${system_access_user}" root ipsec "${system_user}" \ - - # Dedicated group for owning access to serial devices. - copy_or_add_group "serial" 402 - add_users_to_group "serial" "${system_user}" - add_users_to_group "serial" "uucp" + # Give the core user access to some system tools + add_users_to_group "docker" "${system_user}" + add_users_to_group "systemd-journal" "${system_user}" # Some default directories. These are created here rather than at # install because some of them may already exist and have mounts. From a1a5f82b28e65d4686345319d2e36178c10c84da Mon Sep 17 00:00:00 2001 
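Review bot: `copy_or_add_daemon_user "docker" 233` creates a daemon user as well as a group, while the commit message and the neighbouring `copy_or_add_group "systemd-journal" 248` / `copy_or_add_group "dialout" 249` lines describe groups; if only a group is wanted, `copy_or_add_group "docker" 233` keeps the three consistent. The comment `# Give the core user access to some system tools` also understates what the two `add_users_to_group` lines below it grant: docker group membership is control of the daemon socket, which is root-equivalent on the host, and systemd-journal membership exposes every unit's logs. I would write it as `# docker group membership is root-equivalent (daemon socket); systemd-journal grants read access to all journal logs` so the next reader sees the trust boundary being crossed. pkg_postinst starts before this hunk and its body continues after it.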
From: Michael Marineau Date: Thu, 22 Aug 2013 18:30:28 -0400 Subject: [PATCH 3/6] fix(coreos-base/coreos-base): Remove directory creation. This duplicates sys-apps/baselayout so don't bother. Probably left over from when baselayout wasn't properly installed with the 'build' use flag to initialize the filesystem tree. --- .../coreos-base/coreos-base/coreos-base-0.ebuild | 8 -------- 1 file changed, 8 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild index bd812eb524..bb128e6296 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild @@ -215,12 +215,4 @@ pkg_postinst() { # Give the core user access to some system tools add_users_to_group "docker" "${system_user}" add_users_to_group "systemd-journal" "${system_user}" - - # Some default directories. These are created here rather than at - # install because some of them may already exist and have mounts. - for x in /dev /home /media \ - /proc /root /sys /var/lock; do - [ -d "${ROOT}/$x" ] && continue - install -d --mode=0755 --owner=root --group=root "${ROOT}/$x" - done } From 898a3a3a086de6e37cdceb2afb299a823dffd6e0 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Thu, 22 Aug 2013 18:33:16 -0400 Subject: [PATCH 4/6] fix(coreos-base/coreos-base): Change core's shell to bash. It is bash but might as well be explicit about that. --- .../coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild index bb128e6296..e6f987cbcd 100644 
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild @@ -167,7 +167,7 @@ pkg_postinst() { crypted_password=$(cat "${SHARED_USER_PASSWD_FILE}") remove_user "${system_user}" add_user "${system_user}" "x" "${system_id}" \ - "${system_id}" "system_user" "${system_home}" /bin/sh + "${system_id}" "system_user" "${system_home}" /bin/bash remove_shadow "${system_user}" add_shadow "${system_user}" "${crypted_password}" From cd40d3e46bd4bb49ed381521a679c7910848883d Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Thu, 22 Aug 2013 19:07:59 -0400 Subject: [PATCH 5/6] fix(coreos-base/coreos-base): Install sysctl, a little more cleanup. Pair down the old unused sysctl.conf do what is useful for us and install it into /usr/lib/sysctl.d for systemd to handle. Installing /srv in the SDK does no harm so do so. EAPI=5 because, better. --- ...-0-r65.ebuild => coreos-base-0-r66.ebuild} | 0 .../coreos-base/coreos-base-0.ebuild | 22 +++-- .../coreos-base/coreos-base/files/sysctl.conf | 83 +------------------ 3 files changed, 17 insertions(+), 88 deletions(-) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/{coreos-base-0-r65.ebuild => coreos-base-0-r66.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r65.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r66.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r65.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r66.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild index e6f987cbcd..2012913b2c 100644 
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild @@ -1,6 +1,8 @@ # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. # Distributed under the terms of the GNU General Public License v2 +EAPI=5 + inherit useradd DESCRIPTION="ChromeOS specific system setup" @@ -30,6 +32,9 @@ RDEPEND="${DEPEND} sys-apps/systemd " +# no source directory +S="${WORKDIR}" + # Remove entry from /etc/group # # $1 - Group name @@ -94,15 +99,16 @@ pkg_setup() { } src_install() { - insinto /etc - #doins "${FILESDIR}"/sysctl.conf || die + dodir /usr/lib/sysctl.d + insinto /usr/lib/sysctl.d + newins "${FILESDIR}"/sysctl.conf ${PN}.conf + + # Add a /srv directory for mounting into later + dodir /srv + keepdir /srv # target-specific fun if ! use cros_host ; then - # Add a /srv directory for mounting into later - dodir /srv - keepdir /srv - # Make mount work in the way systemd prescribes dosym /proc/mounts /etc/mtab @@ -123,8 +129,8 @@ src_install() { insinto /etc/vim doins "${FILESDIR}"/vimrc - # Symlink /etc/localtime to something on the stateful partition, which we - # can then change around at runtime. + # Symlink /etc/localtime to something on the stateful partition, + # which we can then change around at runtime. dosym /var/lib/timezone/localtime /etc/localtime || die # We use mawk in the target boards, not gawk. diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/sysctl.conf b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/sysctl.conf index af9bc7f29b..696d4fe516 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/sysctl.conf +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/sysctl.conf 
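Review bot: `dodir /usr/lib/sysctl.d` in the src_install hunk is redundant, since `insinto` followed by `newins` creates the target directory, and `dodir /srv` next to `keepdir /srv` is redundant for the same reason. With the new `EAPI=5` in the first hunk, `newins` already dies on failure, so the `|| die` left on `dosym /var/lib/timezone/localtime /etc/localtime` in the last hunk is a no-op that can go. `${PN}` on the `newins` line is unquoted where `"${FILESDIR}"` on the same line is quoted; `"${PN}.conf"` is consistent. A one-line comment above the `newins`, `# vendor defaults: fragments in /etc/sysctl.d override these`, would document why the file moves out of /etc.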
@@ -1,69 +1,13 @@ -# /etc/sysctl.conf -# -# For more information on how this file works, please see -# the manpages sysctl(8) and sysctl.conf(5). -# -# In order for this file to work properly, you must first -# enable 'Sysctl support' in the kernel. -# -# Look in /proc/sys/ for all the things you can setup. -# +# sysctl defaults for CoreOS -# -# Original Gentoo settings: -# +# Enable IPv4 forwarding to support NAT in containers +net.ipv4.ip_forward = 1 -# Disables packet forwarding -net.ipv4.ip_forward = 0 -# Disables IP dynaddr -#net.ipv4.ip_dynaddr = 0 -# Disable ECN -#net.ipv4.tcp_ecn = 0 # Enables source route verification net.ipv4.conf.default.rp_filter = 1 # Enable reverse path net.ipv4.conf.all.rp_filter = 1 -# Enable SYN cookies (yum!) -# http://cr.yp.to/syncookies.html -#net.ipv4.tcp_syncookies = 1 - -# Disable source route -#net.ipv4.conf.all.accept_source_route = 0 -#net.ipv4.conf.default.accept_source_route = 0 - -# Disable redirects -#net.ipv4.conf.all.accept_redirects = 0 -#net.ipv4.conf.default.accept_redirects = 0 - -# Disable secure redirects -#net.ipv4.conf.all.secure_redirects = 0 -#net.ipv4.conf.default.secure_redirects = 0 - -# Ignore ICMP broadcasts -#net.ipv4.icmp_echo_ignore_broadcasts = 1 - -# Perform PLPMTUD only after detecting a "blackhole" in old-style PMTUD -net.ipv4.tcp_mtu_probing = 1 - -# Disables the magic-sysrq key -#kernel.sysrq = 0 -# When the kernel panics, automatically reboot in 3 seconds -#kernel.panic = 3 -# Allow for more PIDs (cool factor!); may break some programs -#kernel.pid_max = 999999 - -# You should compile nfsd into the kernel or add it -# to modules.autoload for this to work properly -# TCP Port for lock manager -#fs.nfs.nlm_tcpport = 0 -# UDP Port for lock manager -#fs.nfs.nlm_udpport = 0 - -# -# ChromeOS specific settings: -# - # Set watchdog_thresh kernel.watchdog_thresh = 5 # When the kernel panics, automatically reboot to preserve dump in ram 
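Review bot: `net.ipv4.ip_forward = 1` makes the host forward between every interface, not only the container bridge, and the only companion setting kept is `rp_filter`; the redirect and source-route controls the old file carried as commented-out entries are the ones that matter once forwarding is on, so I would add them next to the forwarding line rather than drop them. Container NAT also depends on a firewall FORWARD policy that nothing on this page configures, which deserves a comment at the same spot. Once patch 6/6 removes the `ExecStartPre=/sbin/sysctl -w net.ipv4.ip_forward=1` line from docker.service, this fragment is the only place forwarding is enabled, so an admin override in /etc/sysctl.d would silently break container networking.
```ini
# Enable IPv4 forwarding to support NAT in containers
# (the only place forwarding is enabled; a FORWARD firewall policy
# is still required and is not configured here)
net.ipv4.ip_forward = 1

# With forwarding on, do not honour ICMP redirects or source routes
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# … unchanged: rp_filter, watchdog_thresh and panic settings …
```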
@@ -71,26 +15,5 @@ kernel.panic = -1 # Reboot on oops as well kernel.panic_on_oops = 1 -# Disable shrinking the cwnd when connection is idle -net.ipv4.tcp_slow_start_after_idle = 0 - -# Protect working set in order to avoid thrashing. -# See http://crosbug.com/7561 for details. -vm.min_filelist_kbytes = 50000 - -# Allow full memory overcommit as we rather close or kill tabs than -# refuse memory to arbitrary core processes. -vm.overcommit_memory = 1 - -# Use laptop mode settings always -vm.dirty_background_ratio = 1 -vm.dirty_expire_centisecs = 60000 -vm.dirty_ratio = 60 -vm.dirty_writeback_centisecs = 60000 -vm.laptop_mode = 0 - # Disable kernel address visibility to non-root users. kernel.kptr_restrict = 1 - -# Increase shared memory segment limit for plugins rendering large areas -kernel.shmmax = 134217728 From 073071a627ced0c56177e3a8e3e1cb30e98c9909 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Thu, 22 Aug 2013 20:30:01 -0400 Subject: [PATCH 6/6] fix(app-emulation/docker): Remove old ebuilds, remove sysctl call. ipv4 forwarding is now enabled in coreos-base via a sysctl config. --- .../docker/docker-0.5.0-r1.ebuild | 1 - .../app-emulation/docker/docker-0.5.0.ebuild | 43 ------------------- ...0.5.3-r1.ebuild => docker-0.5.3-r2.ebuild} | 0 .../app-emulation/docker/files/docker.service | 3 -- 4 files changed, 47 deletions(-) delete mode 120000 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0-r1.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0.ebuild rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-0.5.3-r1.ebuild => docker-0.5.3-r2.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0-r1.ebuild deleted file mode 120000 index 767049c357..0000000000 
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0-r1.ebuild +++ /dev/null @@ -1 +0,0 @@ -docker-0.5.0.ebuild \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0.ebuild deleted file mode 100644 index dc0652ad5d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0.ebuild +++ /dev/null @@ -1,43 +0,0 @@ -# -# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. -# Distributed under the terms of the GNU General Public License v2 -# $Header:$ -# - -EAPI=2 -EGIT_REPO_URI="https://github.com/dotcloud/docker" -inherit toolchain-funcs systemd git-2 - -EGIT_COMMIT="51f6c4a7372450d164c61e0054daf0223ddbd909" # 0.5 - -DESCRIPTION="Docker container management" -HOMEPAGE="http://docker.io" -SRC_URI="" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="amd64" -IUSE="" - -DEPEND=">=dev-lang/go-1.0.2" -RDEPEND=" - app-emulation/lxc - net-misc/bridge-utils - sys-apps/iproute2 - app-arch/libarchive - net-misc/curl - sys-fs/aufs-util -" - -src_compile() { - emake -} - -src_install() { - dobin ${S}/bin/${PN} - keepdir /var/lib/${PN}/graph - keepdir /var/lib/${PN}/containers - systemd_dounit "${FILESDIR}"/${PN}.service - # not enabling by default because it messes up the EC2 169. meta url routing - systemd_enable_service multi-user.target ${PN}.service -} diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.3-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.3-r2.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.3-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.3-r2.ebuild 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service index 119fa86376..e01e0a4e33 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service @@ -1,9 +1,6 @@ [Service] Type=simple ExecStartPre=/bin/mount --make-rprivate / -# Enable forwarding to allow NAT to work -# TODO: Move this to sysctl.conf -ExecStartPre=/sbin/sysctl -w net.ipv4.ip_forward=1 # Try to use this alternate way of starting docker if docker crashes for you: # ExecStart=/bin/bash -c "/usr/bin/nohup /usr/bin/docker -d -D &"