From 565ff136e5f1e714b4094fcd9cfdf99a0fb99850 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Wed, 8 Apr 2020 21:04:02 +0000
Subject: [PATCH] vm.swappiness=1 import from swappiness-lowest https://forums.whonix.org/t/vm-swappiness-1-set-swapiness-to-lowest-setting-still-useful-swappiness-lowest/9278
---
 debian/control | 5 ++++-
 etc/sysctl.d/30_security-misc.conf | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/debian/control b/debian/control
index d5b9b0d..bd82bae 100644
--- a/debian/control
+++ b/debian/control
@@ -15,7 +15,7 @@ Package: security-misc
 Architecture: all
 Depends: python3, libglib2.0-bin, libpam-runtime, sudo, adduser, libcap2-bin, apparmor-profile-dist, helper-scripts, ${misc:Depends}
-Replaces: tcp-timestamps-disable, anon-gpg-tweaks
+Replaces: tcp-timestamps-disable, anon-gpg-tweaks, swappiness-lowest
 Description: enhances misc security settings
 Inspired by Kernel Self Protection Project (KSPP)
 .
@@ -280,6 +280,9 @@ Description: enhances misc security settings
 `/etc/systemd/system/emergency.service.d/override.conf`
 `/etc/systemd/system/rescue.service.d/override.conf`
 .
+ Let the kernel only swap if it is absolutely necessary.
+ `/etc/sysctl.d/30_security-misc.conf`
+ .
 Disables TCP Time Stamps:
 .
 TCP time stamps (RFC 1323) allow for tracking clock
diff --git a/etc/sysctl.d/30_security-misc.conf b/etc/sysctl.d/30_security-misc.conf
index 0fed8d0..1ebd116 100644
--- a/etc/sysctl.d/30_security-misc.conf
+++ b/etc/sysctl.d/30_security-misc.conf
@@ -139,3 +139,10 @@ dev.tty.ldisc_autoload=0
 ##
 ## https://duasynt.com/blog/linux-kernel-heap-spray
 vm.unprivileged_userfaultfd=0
+
+## Let the kernel only swap if it is absolutely necessary.
+## Better not be set to zero:
+## - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/s-memory-tunables.html
+## - https://en.wikipedia.org/wiki/Swappiness
+vm.swappiness=1
+
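Review bot: The comment added above `vm.swappiness=1` in etc/sysctl.d/30_security-misc.conf says what the setting does but not why a hardening package sets it, or what it leaves uncovered. Presumably the aim is to limit how often process memory that may hold secrets is written to a swap device. At 1 the kernel can still swap under memory pressure, so this lowers exposure and does not replace encrypted swap or running without swap. I would add `## This reduces, but does not prevent, process memory being written to swap; use encrypted swap if that matters.` to the block. The reason for avoiding zero is also only reachable through the two links; a line such as `## 0 raises the risk of OOM kills under memory pressure (see the Red Hat guide below).` would keep it readable if those URLs move.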