Merge pull request #776 from exoscale/fix/firewall-sysctl
sysctl: don't modify /etc/sysctl.conf

To configure firewall rules, CloudStack modifies `/etc/sysctl.conf` and
executes those modifications. This may be harmful for several reasons:
1. `/etc/sysctl.conf` may be managed by some configuration management
system. Such a system will constantly restore the previous version.
2. `/etc/sysctl.conf` may contain additional properties that have been
changed later by some system administrator (for example, once a
firewall has been configured, forwarding may have been activated
while it is disabled in `/etc/sysctl.conf`). Executing the file
again at a later time may disrupt the system.
3. Entries are added again and again. `/etc/sysctl.conf` will contain
the same directives repeated several times.
Using a configuration file is not needed, as `sysctl` is able to directly
modify sysctl values with the `-w` flag.
Signed-off-by: Vincent Bernat <[email protected]>
* pr/776:
sysctl: don't modify /etc/sysctl.conf
Signed-off-by: Wido den Hollander <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/28d18dce
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/28d18dce
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/28d18dce
Branch: refs/heads/master
Commit: 28d18dce002701a0a8e8aa00f2870969bece0330
Parents: 1bc8b6b f2b8f2e
Author: Wido den Hollander <[email protected]>
Authored: Wed Sep 9 10:29:20 2015 +0200
Committer: Wido den Hollander <[email protected]>
Committed: Wed Sep 9 10:29:20 2015 +0200
----------------------------------------------------------------------
.../scripts/vm/hypervisor/ovm/OvmSecurityGroupModule.py | 10 +++-------
scripts/vm/network/security_group.py | 10 +++-------
2 files changed, 6 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
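
Added example, not part of this commit or of CloudStack's code: a small audit for reasons 2 and 3 of the commit message. It lists keys set more than once in a sysctl.conf-style file and keys whose file value differs from the live value, which are the settings that re-executing the file would change. The function names, the second argument (an alternative root in place of /proc/sys) and the sample data are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit a sysctl.conf-style file (hypothetical helper names).

# Print "key count" for every key set more than once in file $1.
sysctl_duplicates() {
    awk -F= '
        /^[ \t]*[#;]/ || NF < 2 { next }      # skip comments and non-assignments
        { k = $1; gsub(/[ \t]/, "", k); n[k]++ }
        END { for (k in n) if (n[k] > 1) print k, n[k] }
    ' "$1" | sort
}

# Print "key file_value live_value" for each single-valued key whose last
# value in file $1 differs from the live value under $2 (default /proc/sys).
# These are the settings that re-executing the file would change.
sysctl_drift() {
    awk -F= '
        /^[ \t]*[#;]/ || NF < 2 { next }
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          last[k] = v }                       # the last assignment wins
        END { for (k in last) print k, last[k] }
    ' "$1" | sort | while read -r key want; do
        path="${2:-/proc/sys}/$(printf '%s' "$key" | tr . /)"
        [ -r "$path" ] || continue            # key not present on this host
        have=$(cat "$path")
        [ "$have" = "$want" ] || echo "$key $want $have"
    done
}

# Constructed sample: the same directives appended on three runs, and a live
# tree in which an administrator later enabled forwarding.
demo=$(mktemp -d)
for run in 1 2 3; do
    printf 'net.ipv4.ip_forward = 0\nnet.bridge.bridge-nf-call-iptables = 1\n' \
        >> "$demo/sysctl.conf"
done
mkdir -p "$demo/proc/net/ipv4" "$demo/proc/net/bridge"
echo 1 > "$demo/proc/net/ipv4/ip_forward"
echo 1 > "$demo/proc/net/bridge/bridge-nf-call-iptables"

sysctl_duplicates "$demo/sysctl.conf"         # both keys, three times each
sysctl_drift "$demo/sysctl.conf" "$demo/proc" # forwarding would be switched off
```

On a real host, call `sysctl_drift /etc/sysctl.conf` with no second argument to compare against /proc/sys.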