default globbed sysctls override linux defaults

Bug #2065439 reported by Ross Vandegrift
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| systemd (Ubuntu) | Invalid | Undecided | Unassigned | |

Bug Description

In 22.04, systemd ships the following globbed sysctls:

    $ grep -r -F '*' /usr/lib/sysctl.d /etc/sysctl.*
    /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.rp_filter = 2
    /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.accept_source_route = 0
    /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.promote_secondaries = 1

This seems to break Linux's built-in .defaults sysctls. For instance, `net.ipv4.conf.default.rp_filter` is ineffective given the above.

According to sysctl.d(5), they're applied /individually/ when interfaces show up:
> The settings configured with sysctl.d files will be applied early on boot.
> The network interface-specific options will also be applied individually for
> each network interface as it shows up in the system. (More specifically,
> net.ipv4.conf.*, net.ipv6.conf.*, net.ipv4.neigh.* and net.ipv6.neigh.*).

That means something (networkd?) applies `net.ipv4.conf.newif.rp_filter=2` when newif appears. Since that's applied to an individual interface, it overrides `net.ipv4.conf.default.rp_filter=0` that I've set. That's pretty surprising.

It isn't clear from sysctl.d(5) how to disable this. With some experimentation, I've come up with:

    -net.ipv4.conf.*.rp_filter
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.default.rp_filter = 0

But I'm not sure that first line is valid. sysctl.d(5) doesn't document this case.

Perhaps the systemd package should not ship globbed sysctls in the above-documented network subtrees - are there use cases not covered by the .defaults sysctls?

I haven't checked if later packages continue to ship the above config.
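
A check for the behaviour reported above, as an added example that is not part of the original report: `sysctl_drift` lists interfaces whose value differs from the kernel's `default` template, and `glob_sources` names the sysctl.d files that carry a globbed assignment for the same key. The function names and the `CONF_ROOT` variable are assumptions made for this example, and it handles only dot-separated IPv4 `conf` keys.

```shell
#!/bin/sh
# Added example, not code from the bug report or from systemd.
# CONF_ROOT is an assumed override so the check can run against a test tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# sysctl_drift KEY
# Prints "iface value default" for every interface whose per-interface
# value differs from the "default" template for KEY.
sysctl_drift() {
    key="$1"
    def_file="$CONF_ROOT/default/$key"
    [ -r "$def_file" ] || { echo "cannot read $def_file" >&2; return 2; }
    def=$(cat "$def_file")
    for f in "$CONF_ROOT"/*/"$key"; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are kernel pseudo-entries, not interfaces.
        case "$iface" in all|default) continue ;; esac
        val=$(cat "$f")
        [ "$val" = "$def" ] || printf '%s %s %s\n' "$iface" "$val" "$def"
    done
}

# glob_sources KEY DIR...
# Prints the sysctl.d files under DIR... that assign KEY through the
# net.ipv4.conf.* glob, i.e. candidates for the per-interface override.
glob_sources() {
    key="$1"; shift
    grep -rlE "^[[:space:]]*net\.ipv4\.conf\.\*\.$key[[:space:]]*=" "$@" 2>/dev/null
}

# Usage on a live host:
#   sysctl_drift rp_filter
#   glob_sources rp_filter /usr/lib/sysctl.d /etc/sysctl.d
```

An interface that existed before `default` was changed also keeps its earlier value, so a mismatch alone does not prove that a glob was applied.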

Nick Rosbrook (enr0n) wrote :

These are just defaults. You can override anything you like by specifying your own values in e.g. /etc/sysctl.d/60-my-overrides.conf. See "Configuration Directories and Precedence" in https://www.freedesktop.org/software/systemd/man/latest/sysctl.d.html for more details.

Changed in systemd (Ubuntu):
status: New → Invalid

Ross Vandegrift (ross-kallisti) wrote :

Hi Nick,

Yes I could override the whole file - but I'd have to copy and maintain the non-wildcard entries myself. That's more tedious than being able to correctly override the .default sysctls as usual.

I disagree with your view that these "are just defaults" - they are more, since they interfere with the kernel's pre-existing method of configuring defaults for these values.
