Bug 760254

Summary: /etc/sysctl.conf cannot be overridden
Product: [Fedora] Fedora
Component: initscripts
Version: 16
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: low
Priority: unspecified
Reporter: Jan Kratochvil <jan.kratochvil>
Assignee: Bill Nottingham <notting>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: anders.blomdell, awilliam, dwalsh, edgar.hoch, iarlyy, initscripts-maint-list, johannbg, jonathan, lnykryn, lpoetter, lukasz, metherid, mgrepl, mschmidt, notting, orion, plautrba, rvokal, systemd-maint
Doc Type: Bug Fix
Last Closed: 2012-12-20 15:24:56 UTC
Bug Depends On: 767795
Attachments:
Untested fix. (flags: none)
initscripts patch (flags: none)

Description Jan Kratochvil 2011-12-05 17:27:05 UTC
Created attachment 541029 [details]
Untested fix.

Description of problem:
/lib/systemd/systemd-sysctl tries hard to sort the order of various *.conf files. But after all are processed the /etc/sysctl.conf file overwrites everything.
One should be able to override default /etc/sysctl.conf by custom files, without modifying /etc/sysctl.conf itself.

Version-Release number of selected component (if applicable):
systemd-37-3.fc16.x86_64

How reproducible:
Always.

Steps to Reproduce:
echo 'net.ipv4.ip_forward = 1' >/etc/sysctl.d/z.conf
/lib/systemd/systemd-sysctl
cat /proc/sys/net/ipv4/ip_forward 

Actual results:
0

Expected results:
1

Additional info:

Comment 1 Michal Schmidt 2011-12-05 17:33:07 UTC
That's funny because it was originally like that but it was changed:

commit cb80401132edc9c0a717abb55b54d3a8016cd5ce
Author: Ludwig Nussel <ludwig.nussel>
Date:   Mon May 16 11:11:52 2011 +0200

    sysctl: apply /etc/sysctl.conf last
    
    apply /etc/sysctl.conf last to actually allow the admin to override
    package provided defaults.

Comment 2 Kay Sievers 2011-12-05 18:04:03 UTC
This file should just not exist. These days, /etc is reserved for the
'local administration', not for things to be installed by the default
system.

I think the best option is to make initscripts.rpm to move the file
to: /usr/lib/sysctl.d/, and leave /etc alone.

I think the current systemd behaviour is fine. We have no way of
persistently overwriting things in /etc.

Comment 3 Michal Schmidt 2011-12-05 18:07:51 UTC
Heh, I was just writing a comment saying the same. Let's move this to initscripts, which is the owner of /etc/sysctl.conf. Let's move the distro defaults to /usr/lib/sysctl.d/00-fedora.conf or something like that.
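
The ordering discussed in comments 1 to 3, as an added example that is not part of this bug thread and is not systemd or initscripts code: a shell function that reports which file assigns a sysctl key last. The names `effective_sysctl` and `make_sample_tree` are hypothetical, the sample file contents are constructed, and the model is simplified to the three directories usr/lib/sysctl.d, run/sysctl.d and etc/sysctl.d plus an optional "legacy" pass over /etc/sysctl.conf.

```bash
#!/bin/sh
# Added example: report which file sets a sysctl key last, and to what value.
# Model: *.conf fragments from usr/lib, run and etc sysctl.d directories are
# merged by file name (etc beats run beats usr/lib for the same name), then
# applied in sorted file-name order; later assignments override earlier ones.
# With a third argument "legacy", ROOT/etc/sysctl.conf is applied after all
# fragments, the behaviour this bug reports for systemd-37.
effective_sysctl() {
    es_root=$1; es_key=$2; es_mode=${3:-}
    es_list=$(
        for es_dir in usr/lib/sysctl.d run/sysctl.d etc/sysctl.d; do
            for es_f in "$es_root/$es_dir"/*.conf; do
                [ -f "$es_f" ] && printf '%s\t%s\n' "${es_f##*/}" "$es_f"
            done
        done | awk -F'\t' '{ p[$1] = $2 } END { for (n in p) print n "\t" p[n] }' |
            LC_ALL=C sort | cut -f2
    )
    if [ "$es_mode" = legacy ] && [ -f "$es_root/etc/sysctl.conf" ]; then
        es_list="$es_list
$es_root/etc/sysctl.conf"
    fi
    printf '%s\n' "$es_list" | while IFS= read -r es_f; do
        [ -n "$es_f" ] || continue
        awk -v key="$es_key" '
            /^[ \t]*([#;]|$)/ { next }          # comments and blank lines
            { eq = index($0, "="); if (!eq) next
              k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
              gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
              if (k == key) print v "\t" FILENAME }' "$es_f"
    done | tail -n 1
}

# Constructed sample tree (hypothetical contents) mirroring the report.
make_sample_tree() {
    mt_root=$(mktemp -d) || return 1
    mkdir -p "$mt_root/etc/sysctl.d" "$mt_root/usr/lib/sysctl.d"
    echo 'net.ipv4.ip_forward = 0' > "$mt_root/etc/sysctl.conf"
    echo 'net.ipv4.ip_forward = 0' > "$mt_root/usr/lib/sysctl.d/00-fedora.conf"
    echo 'net.ipv4.ip_forward = 1' > "$mt_root/etc/sysctl.d/z.conf"
    printf '%s\n' "$mt_root"
}

root=$(make_sample_tree)
effective_sysctl "$root" net.ipv4.ip_forward legacy   # sysctl.conf applied last
effective_sysctl "$root" net.ipv4.ip_forward          # fragments only
rm -rf "$root"
```

Pass `/` as ROOT to check a live host; the output is the winning value and the file that set it, separated by a tab.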

Comment 4 Bill Nottingham 2011-12-05 22:11:40 UTC
We would need to find all the places that blindly do 'sysctl -p /etc/sysctl.conf' and fix them. Of course, given sysctl.d, such places are broken already.

Comment 5 Bill Nottingham 2011-12-14 21:54:25 UTC
Created attachment 546919 [details]
initscripts patch

Here's an initscripts patch. It suffers from the same problem described in bug 767795.

Comment 6 Bill Nottingham 2012-04-20 19:04:54 UTC
http://git.fedorahosted.org/git/?p=initscripts.git;a=commitdiff;h=f4852e09cd32f33b0c496864171d8dc9e85bd0cf

Currently slated for F18 due to schedule.

Comment 7 Adam Williamson 2012-10-15 17:25:56 UTC
per http://d.hatena.ne.jp/masami256/20121014/1350215052 and the recent discussion on fedora-devel, perhaps we ought to add a stub /etc/sysctl.conf which just says to add any customization to a file in /etc/sysctl.d ?

Comment 9 Adam Williamson 2012-10-22 23:17:56 UTC
looks fine, except should it really still be config(noreplace)? the whole point is that the user can't actually do any customization in it any more, after all...

Comment 10 Bill Nottingham 2012-10-23 20:46:14 UTC
That file is still read, so they could.

Plus, we don't want the new README-ified version blowing away anything they have there.

Comment 11 Adam Williamson 2012-10-23 23:29:31 UTC
Ah, OK, I didn't realize it was still 'active if present'.

Comment 12 Fedora Update System 2012-10-31 17:28:49 UTC
initscripts-9.42-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/initscripts-9.42-1.fc18

Comment 13 Fedora Update System 2012-11-01 05:55:23 UTC
Package initscripts-9.42-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing initscripts-9.42-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-17428/initscripts-9.42-1.fc18
then log in and leave karma (feedback).

Comment 14 Fedora Update System 2012-12-20 15:25:00 UTC
initscripts-9.42-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Łukasz Trąbiński 2013-03-21 17:57:02 UTC
Hi
I have a fresh installation of Fedora 18.
I have just copied /etc/sysctl.conf to /usr/lib/sysctl.d/00-fedora.conf
and it's not working for me. I have to manually run sysctl -p to apply rules from sysctl.conf :/ Any idea?


[root@ssh ~]# rpm -q initscripts
initscripts-9.42.2-1.fc18.x86_64

Comment 16 Michal Schmidt 2013-03-21 18:03:33 UTC
(In reply to comment #15)
> I have just copied /etc/sysctl.conf to /usr/lib/sysctl.d/00-fedora.conf
> and it's not working for me.

Lukasz, copying the file should not be necessary. And storing the administrator's local configuration under /usr/lib is definitely wrong.

What exactly is "not working"?
Please file a new bug and attach:
- the output of "systemctl status systemd-sysctl.service"
- the listing of /usr/lib/sysctl.d and /etc/sysctl.d
- the contents of your sysctl.conf.

Comment 17 Łukasz Trąbiński 2013-03-21 18:14:58 UTC
As you can see, I have two copies of /etc/sysctl in /usr/lib/sysctl.d and /etc/sysctl.d. It's the same file in three different directories.

[root@ssh ~]# ll /etc/sysctl.conf
-rw-r--r-- 1 root root 969 Mar 21 16:14 /etc/sysctl.conf

[root@ssh ~]# ll /usr/lib/sysctl.d
total 4
-rw-r--r-- 1 root root 969 Mar 21 18:36 00-fedora.conf

[root@ssh ~]# ll /etc/sysctl.d
total 4
-rw-r--r-- 1 root root 969 Mar 21 18:41 sysctl.conf

[root@ssh ~]# systemctl status systemd-sysctl.service
systemd-sysctl.service - Apply Kernel Variables
          Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static)
          Active: active (exited) since Thu 2013-03-21 19:07:34 CET; 3min 1s ago
            Docs: man:systemd-sysctl.service(8)
                  man:sysctl.d(5)
         Process: 380 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
[root@ssh ~]# cat /usr/lib/sysctl.d/00-fedora.conf 
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.router_solicitations = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1

but, you can see below that net.ipv4.ip_forward = 0 

[root@ssh ~]# sysctl -a |grep net.ipv4.ip_forward
net.ipv4.ip_forward = 0

What went wrong?

Comment 18 Michal Schmidt 2013-03-21 18:27:54 UTC
Please file a NEW bug. This is not the same problem as the one that was resolved in this Bugzilla report.