In this sprint I'm working on a bug reported against the yast2-security module.

This module manages some YaST sysctl config file attributes [1].

## Problem

After modifying the settings it does not apply the network changes to
the running system.

In the past that responsibility was handled by boot.ipconfig, which is
not the case anymore since we moved to systemd.

Currently, if there is at least one conflict [2] with other sysctl config
files, the error is reported but the changes are not written, as you can
check in the code:

https://github.com/yast/yast-security/blob/master/src/modules/Security.rb#L594

https://github.com/yast/yast-yast2/pull/1021/files#diff-4216cbac8e98ed10343a00513e10e917R128

Thus, the changes done in the UI are lost, and need to be modified
manually later.

## Proposed Solution

- The sysctl changes made by the module should always be written so that
they are not lost.
- If there is some sysctl config change, then the changes will be
applied to the running system.

  In case of a conflict it will be reported and the changes will be
applied system wide (sysctl --system), which means that higher
precedence values will be applied instead of the yast ones, but
non-conflicting attributes will be applied fine. Basically the same as
would be applied by rebooting the system.

  In case of no conflict, then, only the changes of the yast sysctl
config file will be applied (sysctl -p /etc/sysctl.d/70-yast.conf). This
is faster, and should be safe enough.

You can check the proposed solution in this PR:

https://github.com/yast/yast-security/pull/67

## Feedback

We would like to know what you think about the proposed approach and
if you prefer to solve it in another way.

Thanks in advance ;)


[1] Attributes handled by the module:

  See
https://github.com/yast/yast-security/blob/master/src/modules/Security.rb#L902

  - kernel.sysrq
  - net.ipv4.tcp_syncookies
  - net.ipv4.ip_forward
  - net.ipv6.conf.all.forwarding

[2] A conflict means that there is at least one attribute handled in the
yast sysctl config file which is also handled in a file with higher
precedence than the yast config file.

  See
https://github.com/yast/yast-yast2/blob/master/library/general/src/lib/cfa/sysctl_config.rb#L96


-- 
Knut Alejandro Anderssen González
YaST Team at SUSE Linux GmbH
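
The decision described under "Proposed Solution", as an added example that is not part of the original message and is not the yast-security or CFA code. It assumes a single sysctl.d directory in which files sorting after 70-yast.conf take precedence (the real lookup spans several directories); the helper names and sample files are constructed for illustration.

```ruby
require "tmpdir"

YAST_FILE = "70-yast.conf"
# Attributes the message lists as handled by the module (footnote [1]).
MANAGED_KEYS = %w[kernel.sysrq net.ipv4.tcp_syncookies
                  net.ipv4.ip_forward net.ipv6.conf.all.forwarding].freeze

# Parse "key = value" lines. '#' and ';' start comments, a leading '-' on a
# key is dropped, and '/' is normalised to '.', which is enough for the
# four managed keys.
def parse_sysctl(path)
  File.readlines(path).each_with_object({}) do |line, acc|
    line = line.strip
    next if line.empty? || line.start_with?("#", ";")
    key, value = line.split("=", 2)
    next if value.nil?
    acc[key.strip.delete_prefix("-").tr("/", ".")] = value.strip
  end
end

# Managed keys from the YaST file that a later-sorting file also sets,
# mapped to the names of the files that override them.
def conflicts(dir)
  yast = parse_sysctl(File.join(dir, YAST_FILE)).slice(*MANAGED_KEYS)
  later = Dir.glob(File.join(dir, "*.conf")).sort
             .select { |f| File.basename(f) > YAST_FILE }
  later.each_with_object({}) do |file, found|
    (parse_sysctl(file).keys & yast.keys).each { |k| (found[k] ||= []) << File.basename(file) }
  end
end

# Command the proposal would run: full reload on conflict, YaST file otherwise.
# The command is only returned here, never executed.
def apply_command(dir)
  conflicts(dir).empty? ? ["sysctl", "-p", File.join(dir, YAST_FILE)] : ["sysctl", "--system"]
end

# Constructed sample files: a lower-precedence file never conflicts,
# a higher-precedence one setting the same key does.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, YAST_FILE), "net.ipv4.ip_forward = 0\nkernel.sysrq = 0\n")
    File.write(File.join(dir, "50-default.conf"), "kernel.sysrq = 184\n")
    before = apply_command(dir)
    File.write(File.join(dir, "99-local.conf"), "# constructed\nnet.ipv4.ip_forward=1\n")
    [before.first(2), conflicts(dir), apply_command(dir)]
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Reporting which file overrides each key, as `conflicts` does, tells an administrator where a value such as `net.ipv4.ip_forward` chosen in the UI is being superseded.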