fix(coreos-base/coreos-base): Install sysctl, a little more cleanup.

Pair down the old unused sysctl.conf do what is useful for us and
install it into /usr/lib/sysctl.d for systemd to handle.

Installing /srv in the SDK does no harm so do so.

EAPI=5 because, better.

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild

@@ -1,6 +1,8 @@
 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Distributed under the terms of the GNU General Public License v2
 
+EAPI=5
+
 inherit useradd
 
 DESCRIPTION="ChromeOS specific system setup"
@@ -30,6 +32,9 @@ RDEPEND="${DEPEND}
 	sys-apps/systemd
 	"
 
+# no source directory
+S="${WORKDIR}"
+
 # Remove entry from /etc/group
 #
 # $1 - Group name
@@ -94,15 +99,16 @@ pkg_setup() {
 }
 
 src_install() {
-	insinto /etc
-	#doins "${FILESDIR}"/sysctl.conf || die
+	dodir /usr/lib/sysctl.d
+	insinto /usr/lib/sysctl.d
+	newins "${FILESDIR}"/sysctl.conf ${PN}.conf
+
+	# Add a /srv directory for mounting into later
+	dodir /srv
+	keepdir /srv
 
 	# target-specific fun
 	if ! use cros_host ; then
-		# Add a /srv directory for mounting into later
-		dodir /srv
-		keepdir /srv
-
 		# Make mount work in the way systemd prescribes
 		dosym /proc/mounts /etc/mtab
 
@@ -123,8 +129,8 @@ src_install() {
 		insinto /etc/vim
 		doins "${FILESDIR}"/vimrc
 
-		# Symlink /etc/localtime to something on the stateful partition, which we
-		# can then change around at runtime.
+		# Symlink /etc/localtime to something on the stateful partition,
+		# which we can then change around at runtime.
 		dosym /var/lib/timezone/localtime /etc/localtime || die
 
 		# We use mawk in the target boards, not gawk.

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/sysctl.conf

@@ -1,69 +1,13 @@
-# /etc/sysctl.conf
-#
-# For more information on how this file works, please see
-# the manpages sysctl(8) and sysctl.conf(5).
-#
-# In order for this file to work properly, you must first
-# enable 'Sysctl support' in the kernel.
-#
-# Look in /proc/sys/ for all the things you can setup.
-#
+# sysctl defaults for CoreOS
 
-#
-# Original Gentoo settings:
-#
+# Enable IPv4 forwarding to support NAT in containers
+net.ipv4.ip_forward = 1
 
-# Disables packet forwarding
-net.ipv4.ip_forward = 0
-# Disables IP dynaddr
-#net.ipv4.ip_dynaddr = 0
-# Disable ECN
-#net.ipv4.tcp_ecn = 0
 # Enables source route verification
 net.ipv4.conf.default.rp_filter = 1
 # Enable reverse path
 net.ipv4.conf.all.rp_filter = 1
 
-# Enable SYN cookies (yum!)
-# http://cr.yp.to/syncookies.html
-#net.ipv4.tcp_syncookies = 1
-
-# Disable source route
-#net.ipv4.conf.all.accept_source_route = 0
-#net.ipv4.conf.default.accept_source_route = 0
-
-# Disable redirects
-#net.ipv4.conf.all.accept_redirects = 0
-#net.ipv4.conf.default.accept_redirects = 0
-
-# Disable secure redirects
-#net.ipv4.conf.all.secure_redirects = 0
-#net.ipv4.conf.default.secure_redirects = 0
-
-# Ignore ICMP broadcasts
-#net.ipv4.icmp_echo_ignore_broadcasts = 1
-
-# Perform PLPMTUD only after detecting a "blackhole" in old-style PMTUD
-net.ipv4.tcp_mtu_probing = 1
-
-# Disables the magic-sysrq key
-#kernel.sysrq = 0
-# When the kernel panics, automatically reboot in 3 seconds
-#kernel.panic = 3
-# Allow for more PIDs (cool factor!); may break some programs
-#kernel.pid_max = 999999
-
-# You should compile nfsd into the kernel or add it
-# to modules.autoload for this to work properly
-# TCP Port for lock manager
-#fs.nfs.nlm_tcpport = 0
-# UDP Port for lock manager
-#fs.nfs.nlm_udpport = 0
-
-#
-# ChromeOS specific settings:
-#
-
 # Set watchdog_thresh
 kernel.watchdog_thresh = 5
 # When the kernel panics, automatically reboot to preserve dump in ram
@@ -71,26 +15,5 @@ kernel.panic = -1
 # Reboot on oops as well
 kernel.panic_on_oops = 1
 
-# Disable shrinking the cwnd when connection is idle
-net.ipv4.tcp_slow_start_after_idle = 0
-
-# Protect working set in order to avoid thrashing.
-# See http://crosbug.com/7561 for details.
-vm.min_filelist_kbytes = 50000
-
-# Allow full memory overcommit as we rather close or kill tabs than
-# refuse memory to arbitrary core processes.
-vm.overcommit_memory = 1
-
-# Use laptop mode settings always
-vm.dirty_background_ratio = 1
-vm.dirty_expire_centisecs = 60000
-vm.dirty_ratio = 60
-vm.dirty_writeback_centisecs = 60000
-vm.laptop_mode = 0
-
 # Disable kernel address visibility to non-root users.
 kernel.kptr_restrict = 1
-
-# Increase shared memory segment limit for plugins rendering large areas
-kernel.shmmax = 134217728