Bug 292551 - ipv6 installed and used despite "IPv6 Disabled" in configuration menu
ipv6 installed and used despite "IPv6 Disabled" in configuration menu
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Cantrell
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-09-16 14:53 EDT by John Reiser
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-25 15:49:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Reiser 2007-09-16 14:53:13 EDT
Description of problem: The installed system runs ipv6 (loads kernel module ipv6
and uses it for networking services) despite having "Disabled" in the
IPv6/Prefix portion of the graphical configuration menu for Network Devices.

Version-Release number of selected component (if applicable):

How reproducible: always

Steps to Reproduce:
1. Boot rescue disk
2. Network install via http
3. Disable IPv6 for installer itself
4. Confirm "Disabled" in IPv6/Prefix section of configuration for Network Devices.
Actual results:  Installed system loads kernel module ipv6, and networking uses
ipv6.  The installed system contains no line "blacklist ipv6" in any file in
directory /etc/udev/rules.d, which seems to be the prefered mechanism for
actually inhibiting the use of ipv6.  All kickstart lines for 'network' in
/root/anaconda-cfg.ks omit "--nopiv6" which would seem to be required if
"Disable IPv6" were to be propagated from the installer to the installed system.

Expected results: Installed system does not use ipv6, and kernel module ipv6 is
not loaded.

Additional info:
The observed behavior might quality as a security risk, because a facility that
was intended not to be used was not disabled.

See also bug # 241667 "--noipv6 option for network is ignored" in RHEL5.
Comment 1 David Cantrell 2007-09-25 15:49:18 EDT
This is as designed.  At one point in time, I was writing out the 'blacklist
ipv6' line.  However, Fedora will now always load the ipv6 module, but not
necessarily configure the interface.  If you disable IPv6 during installation,
the IPv6 stack will not be configured, but the module will still be loaded.

This is not something that will change in Fedora, we are going to have the dual
stack from now on, but not necessarily configured.  If users want to forcibly
prevent ipv6.ko from loading, you will have to do that by hand either in a
kickstart %post section or manually after installation.

There is a push to limit things like 'blacklist ipv6' setting by the installer
because that's really something we should never care about and neither should a
majority of the users.  That's why it was removed.  That and wanting to make
sure that software works with dual stack IPv4/IPv6 systems.

Note You need to log in before you can comment on or make changes to this bug.