|
Bugzilla – Full Text Bug Listing |
| Summary: | sysctl: cannot open "/usr/lib/sysctl.d/99-sysctl.conf": No such file or directory | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Petr Vorel <petr.vorel> |
| Component: | Basesystem | Assignee: | systemd maintainers <systemd-maintainers> |
| Status: | RESOLVED FIXED | QA Contact: | Petr Vorel <petr.vorel> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | dleuenberger, fbui, kukuk, lnussel, pcervinka, petr.vorel, wegao, werner |
| Version: | Current | Flags: | fbui: needinfo? (lnussel) |
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| See Also: | https://bugzilla.suse.com/show_bug.cgi?id=1212839 https://bugzilla.suse.com/show_bug.cgi?id=1218114 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
NOTE: the problem is also on ALP, do you want me to create another bugreport?
https://openqa.suse.de/tests/12962407#step/setsockopt08/7
https://openqa.suse.de/tests/12962362#step/cve-2021-22555/7

Proposed fix: https://build.opensuse.org/request/show/1132712

(In reply to Petr Vorel from comment #1)
> NOTE: the problem is also on ALP, do you want me to create another bugreport?
> https://openqa.suse.de/tests/12962407#step/setsockopt08/7
> https://openqa.suse.de/tests/12962362#step/cve-2021-22555/7

No, please fix your test cases. Already SLES15 had the comment, that you should use /etc/sysctl.d/

As announced some years ago (and there are also Jiras about this), /etc should not contain any files provided by the distribution, only host specific config files and admin overrides. ALP and openSUSE Tumbleweed do not contain anymore this legacy stuff.

(In reply to Petr Vorel from comment #2)
> Proposed fix: https://build.opensuse.org/request/show/1132712

The fix would be to remove the dangling 99-sysctl.conf symlink or fix the code, which fails because of this.

(In reply to Thorsten Kukuk from comment #4)
> (In reply to Petr Vorel from comment #2)
> > Proposed fix: https://build.opensuse.org/request/show/1132712
>
> The fix would be to remove the dangling 99-sysctl.conf symlink or fix the
> code, which fails because of this.

Sure, I could remove dangling 99-sysctl.conf symlink, but I understand why it was added (backward compatibility). The problem was that empty /etc/sysctl.conf was not listed in %files, thus file was not included. But if you or others think that it's no longer the reason to keep /etc/sysctl.conf, I'll remove it.

(In reply to Thorsten Kukuk from comment #4)
> (In reply to Petr Vorel from comment #2)
> > Proposed fix: https://build.opensuse.org/request/show/1132712
>
> The fix would be to remove the dangling 99-sysctl.conf symlink or fix the
> code, which fails because of this.
Fine to drop the dangling symlink from systemd if the removal of /etc/sysctl.conf support has been announced. Otherwise it might be too premature.

(In reply to Thorsten Kukuk from comment #3)
> (In reply to Petr Vorel from comment #1)
> > NOTE: the problem is also on ALP, do you want me to create another bugreport?
> > https://openqa.suse.de/tests/12962407#step/setsockopt08/7
> > https://openqa.suse.de/tests/12962362#step/cve-2021-22555/7
>
> No, please fix your test cases.

For a record, there is nothing to fix on the test. This is a kernel CVE test [1], which does not run because ipt_state kernel module which is loaded by setsockopt(), because of broken sysctl due to dangling link.

[1] https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/setsockopt/setsockopt08.c

Thank you both for your comments.
SR to remove /usr/lib/sysctl.d/99-sysctl.conf and /etc/sysctl.conf
https://build.opensuse.org/request/show/1132883

(In reply to Petr Vorel from comment #8)
> Thank you both for your comments.
> SR to remove /usr/lib/sysctl.d/99-sysctl.conf and /etc/sysctl.conf
> https://build.opensuse.org/request/show/1132883

As written previously this needs to be announced first.

Was it the case ?

(In reply to Franck Bui from comment #9)
> (In reply to Petr Vorel from comment #8)
> > Thank you both for your comments.
> > SR to remove /usr/lib/sysctl.d/99-sysctl.conf and /etc/sysctl.conf
> > https://build.opensuse.org/request/show/1132883
>
> As written previously this needs to be announced first.
>
> Was it the case ?

For ALP we do not announce anything first, we do the necessary cleanup and changes and make sure that it gets documented in the release-notes or product documentation. Everything else will not work with a new product.

So for ALP:
1. remove the dangling symlink
2. create a bug for documentation to document how it has to be done now

Wait for the beta tester feedback if there are use cases we missed and adjust if necessary.
(In reply to Thorsten Kukuk from comment #10)
> For ALP we do not announce anything first,

This is a SR for Factory and ALP inherits systemd from Factory.

Also the "changes first in Factory" rule also applies for ALP, no ?

@Thorsten would you mind to write the announcement?

Also, quoting "Packages shouldn't ship files in /etc anymore. That's the reason why aaa_base stop providing it." (your comment at [1]), IMHO that's not true:

    $ rpm -qf /etc/sysctl.conf
    aaa_base-84.87+git20231023.f347d36-1.1.x86_64

e.g. /etc/sysctl.conf added in [2] is still in the package. Therefore this transition affects also aaa_base.

[1] https://build.opensuse.org/request/show/1132712
[2] https://github.com/openSUSE/aaa_base/pull/123

(In reply to Petr Vorel from comment #12)
> Also, quoting "Packages shouldn't ship files in /etc anymore. That's the
> reason why aaa_base stop providing it." (your comment at [1]), IMHO that's
> not true:
>
> $ rpm -qf /etc/sysctl.conf
> aaa_base-84.87+git20231023.f347d36-1.1.x86_64
>
> e.g. /etc/sysctl.conf added in [2] is still in the package. Therefore this
> transition affects also aaa_base.

This is not correct, it's a %ghost entry in aaa_base only, no file. If you do a fresh installation, there is no /etc/sysctl.conf since several months anymore, none of my newer Tumbleweed installations has this file.

If this got announced: no idea, Ludwig?

The remaining question is, why openQA only run now into problem. It should be already months ago.

(In reply to Franck Bui from comment #11)
> (In reply to Thorsten Kukuk from comment #10)
> > For ALP we do not announce anything first,
>
> This is a SR for Factory and ALP inherits systemd from Factory.
>
> Also the "changes first in Factory" rule also applies for ALP, no ?

The situation is different here:
ALP -> new code base
Factory -> rolling release

So not installing the symlink on ALP but only Tumbleweed for now is fine. At least until we have clarified the situation around Tumbleweed.
If somebody makes trouble, send him to me.

Moving distro shipped stuff out of /etc is what's happening in the Linux world in general. Not much point in announcing every single file. Where would we announce that anyway? If you feel this particular file is important enough maybe adding a word about it in the wiki makes sense.

To get rid of the dangling symlink we could probably also ship a generator instead that creates a symlink in /run if /etc/sysctl.conf exists and log a warning.

FWIW to add to the confusion, the sysctl tool from procps still reads /etc/sysctl.conf and even ships a manpage. The tool is not used by systemd though.

(In reply to Ludwig Nussel from comment #15)
> Moving distro shipped stuff out of /etc is what's happening in the Linux
> world in general. Not much point in announcing every single file. Where
> would we announce that anyway? If you feel this particular file is important
> enough maybe adding a word about it in the wiki makes sense.

Ignoring /etc/sysctl.conf at boot without any notice falls into the "important enough" category IMHO. Silently changing some kernel settings might have some unexpected and subtle consequences.

At least when there's a need to deprecate and drop obsolete stuff in systemd whose effects are visible for users the factory mailing list is used.

One could argue that the mailing list is not ideal for such purposes because only a part of openSUSE users follow the various discussions in there but I'm not aware of any better mean for announcing important changes that break backward compat.

Dominique, maybe you know a better way ?

(In reply to Ludwig Nussel from comment #16)
> FWIW to add to the confusion, the sysctl tool from procps still reads
> /etc/sysctl.conf and even ships a manpage. The tool is not used by systemd
> though.

Then sysctl should be updated to indicate that the path is deprecated in the manpage (at least). It could also output a warning before parsing /etc/sysctl.conf.

Adding Werner in Cc.
I think the best solution is, to keep the symlink for ALP and Factory and teach sysctl to not abort on dangling symlinks.

(In reply to Thorsten Kukuk from comment #19)
> I think the best solution is, to keep the symlink for ALP and Factory and
> teach sysctl to not abort on dangling symlinks.

Werner accepted my patch to ignore a missing /etc/sysctl.conf file, so this bug should be fixed.

procps4 now also has this fix

Thanks.

However I'm still thinking that we should start deprecating /etc/sysctl.conf in both sysctl and systemd by throwing a deprecation warning when this main conf file is parsed.

Main config files in /etc are problematic with drop-ins shipped by downstream since the latter override the former. We got rid of them in systemd and it would be nice to be consistent in this regard.

On already installed systems we might think about a move like

/etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf

to not break a customer's system

(In reply to Dr. Werner Fink from comment #23)
> On already installed systems we might think about a move like
>
> /etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf
>
> to not break a customer's system

That would be an option I think. Given that /etc/sysctl.conf is owned by aaa_base, I suppose the renaming should be done in this package.

We just need to make sure to submit the new versions of systemd, procps and aaa_base at the same time.

This is an autogenerated message for OBS integration:
This bug (1217990) was mentioned in
https://build.opensuse.org/request/show/1133112 Factory / procps
https://build.opensuse.org/request/show/1133115 Factory / procps4

I suppose this bug will be solved by Werner's fixes as well:
https://bugzilla.suse.com/show_bug.cgi?id=1218114

(In reply to Franck Bui from comment #25)
> That would be an option I think. Given that /etc/sysctl.conf is owned by
> aaa_base, I suppose the renaming should be done in this package.
>

Ludwig, given that you're the maintainer of aaa_base, would you accept to do the conversion in aaa_base ? |
    $ ls -la /usr/lib/sysctl.d/99-sysctl.conf
    lrwxrwxrwx 1 root root 24 Nov 2 15:59 /usr/lib/sysctl.d/99-sysctl.conf -> ../../../etc/sysctl.conf

=> there is no /etc/sysctl.conf.

I'm looking into systemd.spec:

    # Since v207 /etc/sysctl.conf is no longer parsed (commit 04bf3c1a60d82791),
    # however backward compatibility is provided by the following symlink.
    ln -s ../../../etc/sysctl.conf %{buildroot}%{_sysctldir}/99-sysctl.conf
    touch %{buildroot}%{_sysconfdir}/sysctl.conf

=> obviously file was not packaged:

    rpm -qf /usr/lib/sysctl.d/99-sysctl.conf
    systemd-254.5-5.1.x86_64

The problem is, that modprobe fails on a first run:

    # modprobe ipt_state; echo $?
    sysctl: cannot open "/usr/lib/sysctl.d/99-sysctl.conf": No such file or directory
    modprobe: ERROR: Error running install command '/sbin/modprobe --ignore-install nf_conntrack && /sbin/sysctl --quiet --pattern 'net[.]netfilter[.]nf_conntrack.*' --system' for module nf_conntrack: retcode 255
    modprobe: ERROR: could not insert 'xt_state': Invalid argument
    1
    # modprobe ipt_state; echo $?
    0

Also, this does not happen on other modules (I'm not sure why, but that was the reason, why this bug was not noticed):

    # modprobe nf_tables; echo $?
    0

NOTE: found with LTP test setsockopt08 in ltp_syscalls
https://openqa.opensuse.org/tests/3802857#step/setsockopt08/7
which is also run with -i100 (100x in ltp_cve:
https://openqa.opensuse.org/tests/3802872#step/cve-2021-22555/7
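A pre-flight check for the failure reported above, as an added example that is not part of the bug report or of any package discussed in it: it lists dangling symlinks in the directories that `sysctl --system` scans and returns a non-zero status when one is found. The function names and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): find dangling symlinks in the
# directories that `sysctl --system` scans, as listed in sysctl(8).
# The optional ROOT argument is an assumption of this example so the check
# can run against an unpacked image or chroot instead of the live system.
# Relative link targets resolve inside ROOT; absolute ones resolve on the host.

SYSCTL_DIRS="etc/sysctl.d run/sysctl.d usr/local/lib/sysctl.d usr/lib/sysctl.d lib/sysctl.d"

# Print "link -> target" for every *.conf symlink whose target is missing.
find_dangling_sysctl_links() {
    root=${1:-/}
    seen=""
    for d in $SYSCTL_DIRS; do
        # Canonicalise so /lib -> /usr/lib (merged /usr) is scanned once.
        real=$(cd "${root%/}/$d" 2>/dev/null && pwd -P) || continue
        case " $seen " in *" $real "*) continue ;; esac
        seen="$seen $real"
        for f in "$real"/*.conf; do
            # -L: entry is a symlink; ! -e: following it finds nothing.
            if [ -L "$f" ] && [ ! -e "$f" ]; then
                printf '%s -> %s\n' "$f" "$(readlink "$f")"
            fi
        done
    done
}

# Exit status 1 when any dangling drop-in exists, for use as a build/CI gate.
audit_sysctl_tree() {
    dangling=$(find_dangling_sysctl_links "${1:-/}")
    [ -z "$dangling" ] && return 0
    printf 'dangling sysctl drop-ins:\n%s\n' "$dangling" >&2
    return 1
}
```

Run against the tree from the report, `find_dangling_sysctl_links /` would print the `99-sysctl.conf -> ../../../etc/sysctl.conf` entry that made `sysctl --system` return 255.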