Public bug reported:

In 22.04, systemd ships the following globbed sysctls:
    $ grep -r -F '*'  /usr/lib/sysctl.d /etc/sysctl.*
    /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.rp_filter = 2
    /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.accept_source_route = 0
    /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.promote_secondaries = 1

This seems to break Linux's built-in .defaults sysctls.  For instance,
`net.ipv4.conf.default.rp_filter` is ineffective given the above.

According to sysctl.d(5), they're applied /individually/ when interfaces show 
up:
> The settings configured with sysctl.d files will be applied early on boot.
> The network interface-specific options will also be applied individually for
> each network interface as it shows up in the system. (More specifically,
> net.ipv4.conf.*, net.ipv6.conf.*, net.ipv4.neigh.*  and net.ipv6.neigh.*).

That means something (networkd?) applies
`net.ipv4.conf.newif.rp_filter=2` when newif appears.  Since that's
applied to an individual interface, it overrides
`net.ipv4.conf.default.rp_filter=0` that I've set.  That's pretty
surprising.

It isn't clear from sysctl.d(5) how to disable this.  With some 
experimentation, I've come up with:
    -net.ipv4.conf.*.rp_filter
     net.ipv4.conf.all.rp_filter = 0
     net.ipv4.conf.default.rp_filter = 0

But I'm not sure that first line is valid.  sysctl.d(5) doesn't document
this case.

Perhaps the systemd package should not ship globbed sysctls in the
above-documented network subtrees - are there use cases not covered by
the .defaults sysctls?

I haven't checked if later packages continue to ship the above config.

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2065439

Title:
  default globbed sysctls override linux defaults
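
A lint for the conflict this report describes, as an added example (not part of the original report and not systemd code): it scans sysctl.d file contents for globbed keys in the per-interface subtrees quoted from sysctl.d(5) and lists explicit `.default.` settings whose value differs from a matching glob. The `/etc/sysctl.d/99-local.conf` file and its contents are constructed sample input.

```python
import fnmatch

# Subtrees that sysctl.d(5) says are applied again for each new interface.
PER_INTERFACE = ("net.ipv4.conf.", "net.ipv6.conf.",
                 "net.ipv4.neigh.", "net.ipv6.neigh.")

# Constructed sample input: the shipped globs quoted in the report plus a
# hypothetical local override file.
SAMPLE = {
    "/usr/lib/sysctl.d/50-default.conf": """\
net.ipv4.conf.*.rp_filter = 2
net.ipv4.conf.*.accept_source_route = 0
net.ipv4.conf.*.promote_secondaries = 1
""",
    "/etc/sysctl.d/99-local.conf": """\
# local policy (constructed)
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
""",
}

def parse(text):
    """Yield (key, value) for each 'key = value' line of one sysctl.d file."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank lines, comments, and lines without a value
        key, value = (part.strip() for part in line.split("=", 1))
        # A leading "-" only changes error handling, not the key itself.
        yield (key[1:] if key.startswith("-") else key), value

def shadowed_defaults(files):
    """Return (default_key, default_value, glob_file, glob_key, glob_value)
    for every explicit '.default.' key that a glob matches with another value."""
    entries = [(path, k, v) for path in sorted(files)
               for k, v in parse(files[path]) if k.startswith(PER_INTERFACE)]
    globs = [e for e in entries if "*" in e[1]]
    defaults = [e for e in entries if "*" not in e[1] and ".default." in e[1]]
    return [(dkey, dval, gpath, gkey, gval)
            for _, dkey, dval in defaults
            for gpath, gkey, gval in globs
            if fnmatch.fnmatchcase(dkey, gkey) and dval != gval]

if __name__ == "__main__":
    for dkey, dval, gpath, gkey, gval in shadowed_defaults(SAMPLE):
        print(f"{dkey} = {dval} conflicts with {gkey} = {gval} ({gpath})")
```

Only `rp_filter` is reported for the sample, because the `accept_source_route` values agree between the glob and the explicit default.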
