Bug 1251762
Summary: | dnssec-triggerd ignores net.ipv6.conf.all.disable_ipv6=1 in /etc/sysctl.conf | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Moez Roy <moez.roy> |
Component: | dnssec-trigger | Assignee: | Tomáš Hozza <thozza> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 23 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, moez.roy, pj.pandit, plautrba, psimerda, pspacek, pwouters, thozza |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:a0bc855c2d4c8f79390d170e1060be1320368057570fee279bc6aaee3aafa9be | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-12 15:09:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1182488 |
Description
Moez Roy
2015-08-09 18:27:44 UTC
dnssec-triggerd ignores net.ipv6.conf.all.disable_ipv6=1 in /etc/sysctl.conf You can reproduce this by putting "ipv6.disable=1" in the kernel command line. Doing 'setsebool -P domain_kernel_load_modules 1' would reduce the security provided by SELinux so it is not an option. Would appreciate a fix. Thanks. Dnssec-trigger uses standard system socket API and checks for failures. If the IPv6 is not available, the call should fail and dnssec-trigger can cope with it. This has been discussed in upstream and nobody thinks that Unbound, dnssec-trigger, nor any other tool should read the system configuration files or paths and make decisions whether to use IPv6 or not, based on this. If you are not happy with kernel loading the module, please work with the Kernel maintainers on resolving the fact that kernel tries to load IPv6 module even though you've disabled it. If you are not happy with the SELinux, please work with the SELinux developer. There is nothing to change or improve from Unbound's or dnssec-trigger's point of view. *** This bug has been marked as a duplicate of bug 641836 *** |