Bug 667211

Summary: sysctl calls fail with VLANs (mostly breaking IPv6)
Product: Red Hat Enterprise Linux 6
Reporter: Bill Nottingham <notting>
Component: initscripts
Assignee: initscripts Maintenance Team <initscripts-maint-list>
Status: CLOSED ERRATA
QA Contact: qe-baseos-daemons
Severity: medium
Priority: low
Version: 6.0
CC: albert, notting, ossman, plautrba, ricky.schneberger, rvokal
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Fixed In Version: initscripts-9.03.18-1.el6
Doc Type: Bug Fix
Clone Of: 665601
Last Closed: 2011-05-19 13:51:52 UTC
Bug Depends On: 665601, 1139560
Attachments: patch for this for RHEL 6 (flags: none)

Description Bill Nottingham 2011-01-04 20:00:21 UTC
+++ This bug was initially created as a clone of Bug #665601 +++

I'm amazed this bug has gone unnoticed for so long, but here goes...

sysctl uses "." as the path delimiter. VLAN uses "." as the id delimiter. initscripts does absolutely nothing to resolve this conflict. The end result is that all sysctl calls on VLAN if:s will just fail (silently for extra bonus as the scripts pipe to /dev/null).

With legacy IP this isn't a big deal as the sysctl use is very sparse. For IPv6 however, the shit really hits the fan as you can't even disable address autoconfiguration without sysctl.

Encountered this issue on RHEL 5, but it should still be present in RHEL 6 as I can see that my local F14 machine has the bug.

Attached patch fixes most of the calls. There are still a few left that required a bit more effort to handle.

Please prioritise this bug as it is causing a lot of headache doing IPv6 rollout with RHEL.

--- Additional comment from ossman on 2010-12-27 04:02:02 EST ---

Created attachment 470819
initscripts-sysctl-vlan.patch

Hmm.. patch got lost somewhere...

--- Additional comment from notting on 2011-01-03 11:56:35 EST ---

Given that the /proc/sys entries properly contain the '.', and this could happen in other places, I'm inclined to say 'fix /sbin/sysctl'.

--- Additional comment from ossman on 2011-01-03 12:11:25 EST ---

The problem for /sbin/sysctl is the ambiguity between "." as a delimiter and "." as a part of a component name. Do we really want it guessing? I'd rather stuff fail than pick the wrong entry because of a naming conflict.

--- Additional comment from notting on 2011-01-03 12:20:28 EST ---

I just find the idea of a first pass that converts certain '.' to '/' when calling sysctl, just so sysctl can then run a two-pass sed that changes '.' to '/' and '/' to '.' rather cumbersome.

Seems simpler to just skip sysctl entirely.

--- Additional comment from ossman on 2011-01-04 03:42:20 EST ---

No objection to that. I don't know the motivation for using sysctl rather than /proc in the first place.

So change the component back to initscripts?

--- Additional comment from notting on 2011-01-04 11:16:24 EST ---

Well, I can still change initscripts; but it would be good if /sbin/sysctl was fixed. The upstream man page says:

       variable
              The  name  of  a key to read from.  An example is kernel.ostype.  The '/'
              separator is also accepted in place of a '.'.

... which implies that it *should* work without the substitution.

--- Additional comment from ossman on 2011-01-04 11:27:31 EST ---

I don't see any way of just "fixing" sysctl. It's the interface that's crap, not the implementation. So any good fixes to sysctl would require changes to initscripts as well.

One variant is to change initscripts to not use "." but rather "/" as the delimiter. That would solve my use case. Not sure if a stray "/" can occur in any component name though...

--- Additional comment from notting on 2011-01-04 14:59:23 EST ---

Yeah, I suppose the docs should be updated for sysctl to not imply that it actually works. In any case, can change initscripts in the meantime.

For existing RHEL releases, will probably do the sysctl device substitution as above... would want to investigate in Fedora whether we can get away with direct echos, etc. (For example, in some policy settings, sysctl might be a specific restricted security context that the script isn't.)
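
The key translation discussed in this thread, as an added example (not code from initscripts or from the attached patch): it emulates the '.'/'/' swap that sysctl applies to a key, shows why a VLAN device name breaks the plain key, and builds the key with the device's dots escaped as '/'. The function names, the device name eth0.100 and the scratch directory standing in for /proc/sys are assumptions made for the illustration; the real sysctl binary is not invoked.

```shell
#!/bin/sh
# Emulate the '.' <-> '/' swap that sysctl applies to a key to get a path.
sysctl_key_to_path() {
    printf '%s\n' "$1" | tr './' '/.'
}

# Build a per-interface key; dots inside the device name become '/', so the
# swap above turns them back into literal dots in the path.
iface_sysctl_key() {  # usage: iface_sysctl_key <family> <device> <setting>
    dev=$(printf '%s' "$2" | tr '.' '/')
    printf 'net.%s.conf.%s.%s\n' "$1" "$dev" "$3"
}

# Write a value under a /proc/sys-style root and report failure instead of
# discarding it. The root is a parameter so the demo can use a scratch tree.
write_sysctl() {  # usage: write_sysctl <root> <key> <value>
    path="$1/$(sysctl_key_to_path "$2")"
    if [ ! -f "$path" ]; then
        echo "no such sysctl entry: $path" >&2
        return 1
    fi
    printf '%s\n' "$3" > "$path"
}

# Constructed scratch tree standing in for /proc/sys with one VLAN interface.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/net/ipv6/conf/eth0.100"
echo 1 > "$demo_root/net/ipv6/conf/eth0.100/autoconf"

naive_key="net.ipv6.conf.eth0.100.autoconf"
fixed_key=$(iface_sysctl_key ipv6 eth0.100 autoconf)

# The naive key resolves to .../conf/eth0/100/autoconf, which does not exist.
write_sysctl "$demo_root" "$naive_key" 0 ||
    echo "naive key failed: VLAN id was read as a path component"
# The escaped key resolves to .../conf/eth0.100/autoconf and is applied.
write_sysctl "$demo_root" "$fixed_key" 0 &&
    echo "escaped key applied: autoconf=$(cat "$demo_root/net/ipv6/conf/eth0.100/autoconf")"
```

Because write_sysctl returns non-zero and prints the unresolved path, a caller that does not redirect stderr to /dev/null sees the failure that the original scripts hid.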

Comment 1 Bill Nottingham 2011-01-04 20:15:22 UTC
Created attachment 471740
patch for this for RHEL 6

Comment 2 Bill Nottingham 2011-01-04 21:03:04 UTC
Will also need 4ac5634 from git master.

Comment 5 errata-xmlrpc 2011-05-19 13:51:52 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0647.html