Bugzilla – Full Text Bug Listing

| Summary: | systemd-sysctl does not apply sysctl.conf settings | | |
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Stefan Seyfried <seife> |
| Component: | Basesystem | Assignee: | Frederic Crozat <fcrozat> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Major | | |
| Priority: | P5 - None | | |
| Version: | 13.1 Milestone 4 | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | | | |
| Found By: | Third Party Developer/Partner | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

rpm -q systemd ? Please test with latest systemd package from Factory.

susi:~ # zypper up systemd
Loading repository data...
Reading installed packages...
No update candidate for 'systemd-207-3.1.x86_64'. The highest available version is already installed.
Resolving package dependencies...
Nothing to do.
susi:~ # rpm -q systemd
systemd-207-3.1.x86_64
susi:~ # sysctl kernel.sysrq
kernel.sysrq = 176
susi:~ # strace /usr/lib/systemd/systemd-sysctl 2>&1 | grep /etc
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
lstat("/etc", {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0
lstat("/etc/sysctl.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/etc/sysctl.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 4
open("/etc/sysctl.d/10-abc.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/sysctl.d/90-xyz.conf", O_RDONLY|O_CLOEXEC) = 4
susi:~ # rpm -q --changelog systemd|head -4
* Mon Sep 16 2013 crrodriguez@opensuse.org
- 0008-swap-create-.wants-symlink-to-auto-swap-devices.patch
really fixes the swap unit problem mentioned in previous
commit & the opensuse-factory mailing list.
susi:~ #
The systemd code clearly shows that /etc/sysctl.conf is not used.
However, why bother with reimplementing stuff that's already working well in sysctl(8) from procps package?
Let's just fix the service file.
Something like that (not really tested, I admit) should do just fine:
Index: b/Makefile-man.am
===================================================================
--- a/Makefile-man.am
+++ b/Makefile-man.am
@@ -191,7 +191,6 @@
man/systemd-shutdownd.8 \
man/systemd-shutdownd.socket.8 \
man/systemd-sleep.8 \
- man/systemd-sysctl.8 \
man/systemd-tmpfiles-clean.service.8 \
man/systemd-tmpfiles-clean.timer.8 \
man/systemd-tmpfiles-setup-dev.service.8 \
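Review bot: removing man/systemd-sysctl.8 at the `-` line leaves systemd-sysctl.service without a man page that describes what the unit now runs. If the binary is dropped, the unit still needs documentation stating that it calls sysctl from procps and which files that reads. Also check whether this list carries an alias entry for the unit, in the style of the systemd-tmpfiles-*.service.8 neighbours in the context lines, and remove or replace it in the same hunk so no dangling page is installed.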
Index: b/Makefile.am
===================================================================
--- a/Makefile.am
+++ b/Makefile.am
@@ -318,7 +318,6 @@
systemd-reply-password \
systemd-fsck \
systemd-ac-power \
- systemd-sysctl \
systemd-sleep
systemgenerator_PROGRAMS = \
Index: b/units/systemd-sysctl.service.in
===================================================================
--- a/units/systemd-sysctl.service.in
+++ b/units/systemd-sysctl.service.in
@@ -20,8 +20,9 @@
ConditionDirectoryNotEmpty=|/etc/sysctl.d
ConditionDirectoryNotEmpty=|/run/sysctl.d
ConditionPathExistsGlob=|/boot/sysctl.conf-*
+ContidionPathExists=|/etc/sysctl.conf
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-sysctl
+ExecStart=/sbin/sysctl -p
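Review bot: the added condition line `ContidionPathExists=|/etc/sysctl.conf` is misspelled; it has to read ConditionPathExists, otherwise it is not parsed as a condition and a system that has only /etc/sysctl.conf will not start the service at all. The new `ExecStart=/sbin/sysctl -p` is a second problem: without a file argument sysctl -p loads /etc/sysctl.conf only, while the unchanged conditions above still trigger the unit for /etc/sysctl.d, /run/sysctl.d and /boot/sysctl.conf-*, so settings in those locations would silently stop being applied. If procps is to take over, the command has to read the same set of locations (for example `sysctl --system` where the installed procps supports it), and the hard-coded /sbin path should be a build-time substitution like the @rootlibexecdir@ line it replaces.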
In the changelog of the package, you'll notice:
- systemd-sysctl no longer reads /etc/sysctl.conf however backward
compatbility is to be provides by a symlink created at %post.
and in %post:
# since v207 /etc/sysctl.conf is no longer parsed, however
# backward compatibility is provided by /etc/sysctl.d/99-sysctl.conf
if [ ! -L /etc/sysctl.d/99-sysctl.conf -a -e /etc/sysctl.conf ]; then
/bin/ln -sf /etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf || :
fi
Was the symlink not created?

no:
seife@susi:~> ls -l /etc/sysctl.d/
total 0
-rw-r--r-- 1 root root 0 3. Jul 21:02 10-abc.conf
-rw-r--r-- 1 root root 0 3. Jul 21:02 90-xyz.conf
seife@susi:~> ls -l /etc/sysctl.conf
-rw-r--r-- 1 root root 732 30. Mai 2012 /etc/sysctl.conf
seife@susi:~>
But anyway, the %post solution won't fly if I create a new sysctl.conf and do not update systemd afterwards.
Why does systemd need its own, buggy, implementation of sysctl? Why can't it just use the working, documented one from procps?

BTW: that %post scriptlet is not present in the package:
seife@susi:~> rpm -q --scripts systemd|grep sysctl
seife@susi:~>

I see, Cristian added it as a triggerpostun on upgrade and not as %post; I'll move it to %post

fixed in sr#199623

This is an autogenerated message for OBS integration: This bug (840864) was mentioned in https://build.opensuse.org/request/show/199671 Factory / systemd

This is an autogenerated message for OBS integration: This bug (840864) was mentioned in https://build.opensuse.org/request/show/199748 12.3 / systemd

openSUSE-SU-2013:1528-1: An update that solves one vulnerability and has three fixes is now available.
Category: security (moderate)
Bug References: 821800,836932,840055,840864
CVE References: CVE-2013-4288
Sources used:
openSUSE 12.3 (src): systemd-195-13.45.1, systemd-mini-195-13.45.1

susi:~ # sysctl kernel.sysrq
kernel.sysrq = 176
susi:~ # grep kernel.sysrq -r /etc/sysctl.*
/etc/sysctl.conf:kernel.sysrq = 1
susi:~ # strace /usr/lib/systemd/systemd-sysctl 2>&1 | grep /etc
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
lstat("/etc", {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0
lstat("/etc/sysctl.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/etc/sysctl.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 4
open("/etc/sysctl.d/10-abc.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/sysctl.d/90-xyz.conf", O_RDONLY|O_CLOEXEC) = 4
systemd-sysctl ignores /etc/sysctl.conf
sysctl does work:
susi:~ # sysctl -p
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
fs.inotify.max_user_watches = 65536
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.tcp_syncookies = 1
kernel.sysrq = 1
net.ipv4.tcp_ecn = 0
can't we just replace systemd-sysctl with a call to "sysctl -p"?
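
The failure in this report is silent: hardening values kept in /etc/sysctl.conf simply never reach the kernel. The script below is an added example, not part of the bug report or the systemd package; it checks whether sysctl.conf is reachable from sysctl.d (what the 99-sysctl.conf symlink achieves) and lists the settings that differ from the running values. The function names, the ROOT/PROC arguments and the sample tree are assumptions made so the check runs offline.

```shell
#!/bin/sh
# Added example, not from the bug report. ROOT/PROC arguments are assumptions
# so the check can run against a constructed tree instead of the live system.

# True if a *.conf entry in ROOT/etc/sysctl.d is the same file as
# ROOT/etc/sysctl.conf (what the 99-sysctl.conf symlink achieves).
sysctl_conf_covered() {
    [ -e "$1/etc/sysctl.conf" ] || return 0      # nothing that could be missed
    for f in "$1"/etc/sysctl.d/*.conf; do
        [ "$f" -ef "$1/etc/sysctl.conf" ] && return 0
    done
    return 1
}

# Print "key want=X have=Y" for each setting in ROOT/etc/sysctl.conf whose
# value in PROC (a /proc/sys-style tree) is different or absent.
sysctl_conf_drift() {
    grep -Ev '^[[:space:]]*([#;]|$)' "$1/etc/sysctl.conf" |
    while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        want=$(printf '%s' "$want" | tr -s '[:space:]' ' ' | sed 's/^ //;s/ $//')
        file=$2/$(printf '%s' "$key" | tr . /)
        have=$(tr -s '[:space:]' ' ' 2>/dev/null < "$file" | sed 's/^ //;s/ $//')
        [ "$want" = "$have" ] || echo "$key want=$want have=${have:-<unset>}"
    done
}

# Constructed tree mirroring the report: sysctl.conf exists, sysctl.d holds
# only 10-abc.conf and 90-xyz.conf, and the kernel still has sysrq = 176.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/sysctl.d" "$t/proc/sys/kernel" "$t/proc/sys/net/ipv4"
    : > "$t/etc/sysctl.d/10-abc.conf"; : > "$t/etc/sysctl.d/90-xyz.conf"
    printf '# constructed sample\nkernel.sysrq = 1\nnet.ipv4.tcp_syncookies = 1\n' \
        > "$t/etc/sysctl.conf"
    echo 176 > "$t/proc/sys/kernel/sysrq"
    echo 1 > "$t/proc/sys/net/ipv4/tcp_syncookies"
    echo "$t"
}

tree=$(make_sample_tree)
if ! sysctl_conf_covered "$tree"; then
    echo "sysctl.conf is not reachable from sysctl.d; settings not in effect:"
    sysctl_conf_drift "$tree" "$tree/proc/sys"
fi
rm -rf "$tree"
```

On a real host the same functions can be called as `sysctl_conf_covered ""` and `sysctl_conf_drift "" /proc/sys`.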