[Bug 2065439] Re: default globbed sysctls override linux defaults

Ross Vandegrift 2065439 at bugs.launchpad.net
Fri May 10 20:55:44 UTC 2024 

Hi Nick,

Yes I could override the whole file - but I'd have to copy and maintain
the non-wildcard entries myself.  That's more tedious than being able to
correctly override the .default sysctls as usual.

I disagree with your view that these "are just defaults" - they are
more, since they interfere with the kernel's pre-existing method of
configuring defaults for these values.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2065439

Title:
  default globbed sysctls override linux defaults

Status in systemd package in Ubuntu:
  Invalid

Bug description:
  In 22.04, systemd ships the following globbed sysctls:
      $ grep -r -F '*'  /usr/lib/sysctl.d /etc/sysctl.*
      /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.rp_filter = 2
      /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.accept_source_route = 0
      /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.promote_secondaries = 1

  This seems to break linux's built-in .defaults sysctls.  For instance,
  `net.ipv4.conf.default.rp_filter` is ineffective given the above.

  According to sysctl.d(5), they're applied /individually/ when interfaces show up:
  > The settings configured with sysctl.d files will be applied early on boot.
  > The network interface-specific options will also be applied individually for
  > each network interface as it shows up in the system. (More specifically,
  > net.ipv4.conf.*, net.ipv6.conf.*, net.ipv4.neigh.*  and net.ipv6.neigh.*).

  That means something (networkd?) applies
  `net.ipv4.conf.newif.rp_filter=2` when newif appears.  Since that's
  applied to an individual interface, it overrides
  `net.ipv4.conf.default.rp_filter=0` that I've set.  That pretty
  surprising.

  It isn't clear from sysctl.d(5) how to disable this.  With some experimentation, I've come up with:
      -net.ipv4.conf.*.rp_filter
       net.ipv4.conf.all.rp_filter = 0
       net.ipv4.conf.default.rp_filter = 0

  But I'm not sure that first line is valid.  sysctl.d(5) doesn't
  document this case.

  Perhaps the systemd package should not ship globbed sysctls in the
  above-documented network subtrees - are there use cases not covered by
  the .defaults sysctls?

  I haven't checked if later packages continue to ship the above config.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2065439/+subscriptions

More information about the foundations-bugs mailing list