Bug 292551 - ipv6 installed and used despite "IPv6 Disabled" in configuration menu
Summary: ipv6 installed and used despite "IPv6 Disabled" in configuration menu
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: 8
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Cantrell
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-09-16 18:53 UTC by John Reiser
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-09-25 19:49:18 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description John Reiser 2007-09-16 18:53:13 UTC
Description of problem: The installed system runs ipv6 (loads kernel module ipv6
and uses it for networking services) despite having "Disabled" in the
IPv6/Prefix portion of the graphical configuration menu for Network Devices.


Version-Release number of selected component (if applicable):
anaconda-11.3.0.28

How reproducible: always


Steps to Reproduce:
1. Boot rescue disk
2. Network install via http
3. Disable IPv6 for installer itself
4. Confirm "Disabled" in IPv6/Prefix section of configuration for Network Devices.
  
Actual results:  Installed system loads kernel module ipv6, and networking uses
ipv6.  The installed system contains no line "blacklist ipv6" in any file in
directory /etc/udev/rules.d, which seems to be the prefered mechanism for
actually inhibiting the use of ipv6.  All kickstart lines for 'network' in
/root/anaconda-cfg.ks omit "--nopiv6" which would seem to be required if
"Disable IPv6" were to be propagated from the installer to the installed system.


Expected results: Installed system does not use ipv6, and kernel module ipv6 is
not loaded.


Additional info:
The observed behavior might quality as a security risk, because a facility that
was intended not to be used was not disabled.

See also bug # 241667 "--noipv6 option for network is ignored" in RHEL5.

Comment 1 David Cantrell 2007-09-25 19:49:18 UTC
This is as designed.  At one point in time, I was writing out the 'blacklist
ipv6' line.  However, Fedora will now always load the ipv6 module, but not
necessarily configure the interface.  If you disable IPv6 during installation,
the IPv6 stack will not be configured, but the module will still be loaded.

This is not something that will change in Fedora, we are going to have the dual
stack from now on, but not necessarily configured.  If users want to forcibly
prevent ipv6.ko from loading, you will have to do that by hand either in a
kickstart %post section or manually after installation.

There is a push to limit things like 'blacklist ipv6' setting by the installer
because that's really something we should never care about and neither should a
majority of the users.  That's why it was removed.  That and wanting to make
sure that software works with dual stack IPv4/IPv6 systems.


Note You need to log in before you can comment on or make changes to this bug.