Bug 1208704 - /etc/sysctl.conf handling
Summary: /etc/sysctl.conf handling
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Basesystem
Version: Current
Hardware: Other Other
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Ludwig Nussel
QA Contact: E-mail List
Blocks: 1208319
Reported: 2023-02-27 13:38 UTC by Ludwig Nussel
Modified: 2023-07-19 22:14 UTC (History)
Description Ludwig Nussel 2023-02-27 13:38:24 UTC
systemd-sysctl does not load /etc/sysctl.conf (https://github.com/systemd/systemd/commit/04bf3c1a60d82791e0320381e9268f727708f776). So far, systemd packaged a static link in /usr/lib/sysctl.d/99-sysctl.conf, but that fails in the brp check if no package provides /etc/sysctl.conf. Therefore, as an interim solution, aaa_base can create a symlink in /etc/sysctl.d instead.

TODO: get upstream to read /etc/sysctl.conf again or, if that fails, move it with some migration script.
Comment 1 Thorsten Kukuk 2023-02-27 18:21:04 UTC
(In reply to Ludwig Nussel from comment #0)
> TODO: get upstream to read /etc/sysctl.conf again or, if that fails, move it
> with some migration script.

I would move it:

test -f /etc/sysctl.conf && mv /etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf

Done. And we have a clean /etc without any hacks.
Comment 2 Ludwig Nussel 2023-02-28 08:26:47 UTC
Yes, that is plan B. procps, however, still documents use of /etc/sysctl.conf, so it would be good if systemd-sysctl would read it too.
https://github.com/systemd/systemd/pull/26604
Comment 3 Jinesh Choksi 2023-07-19 22:14:00 UTC
In a fresh install of Tumbleweed (openSUSE-Tumbleweed-NET-x86_64-Snapshot20230717-Media.iso) as of today (19/07/2023), there is no file in /etc called sysctl.conf.

This causes a problem with autoyast.

Specifically, if in an autoyast configuration file, you have a section like:

---snip---
  <security t="map">
    <console_shutdown>ignore</console_shutdown>
    <displaymanager_remote_access>no</displaymanager_remote_access>
    <displaymanager_root_login_remote>no</displaymanager_root_login_remote>
    <displaymanager_shutdown>Root</displaymanager_shutdown>
    <displaymanager_xserver_tcp_port_6000_open>no</displaymanager_xserver_tcp_port_6000_open>
    <hibernate_system>active_console</hibernate_system>
    <kernel.sysrq>1</kernel.sysrq>
    <lsm_select>apparmor</lsm_select>
    <net.ipv4.ip_forward>false</net.ipv4.ip_forward>
    <net.ipv4.tcp_syncookies>true</net.ipv4.tcp_syncookies>
    <net.ipv6.conf.all.forwarding>false</net.ipv6.conf.all.forwarding>
    <obscure_checks_enab>yes</obscure_checks_enab>
    <passwd_encryption>sha512</passwd_encryption>
    <passwd_use_pwquality>yes</passwd_use_pwquality>
    <permission_security>secure</permission_security>
    <run_updatedb_as>nobody</run_updatedb_as>
    <smtpd_listen_remote>no</smtpd_listen_remote>
    <syslog_on_no_error>yes</syslog_on_no_error>
  </security>
---snip---

The net.ipv4.* and net.ipv6.* sysctl settings fail to be written to the /usr/lib/sysctl.d/99-sysctl.conf file which is currently a symlink to the /etc/sysctl.conf file, which doesn't exist.
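
The state described in comment 3 is a dangling symlink in a sysctl.d directory, so settings such as net.ipv4.tcp_syncookies are not written. The shell functions below are an added example, not code from this bug report, aaa_base or systemd: they list dangling symlinks in the sysctl.d directories and perform the move proposed in comment 1 without overwriting an existing drop-in. The function names and the optional root-prefix argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the bug report. The optional root-prefix argument
# is an assumption so the functions can be run against a scratch tree.

# Print each dangling *.conf symlink in the sysctl.d directories under $1.
find_dangling_sysctl_links() {
    root=${1:-}
    for dir in etc/sysctl.d run/sysctl.d usr/lib/sysctl.d; do
        [ -d "$root/$dir" ] || continue
        for f in "$root/$dir"/*.conf; do
            # -L: f is a symlink; ! -e: its target does not resolve
            if [ -L "$f" ] && [ ! -e "$f" ]; then
                printf '%s -> %s\n' "$f" "$(readlink "$f")"
            fi
        done
    done
    return 0
}

# Move a legacy etc/sysctl.conf to etc/sysctl.d/99-sysctl.conf under $1.
# An interim symlink at the destination is replaced; a real file is not.
migrate_sysctl_conf() {
    root=${1:-}
    src="$root/etc/sysctl.conf"
    dst="$root/etc/sysctl.d/99-sysctl.conf"
    # Nothing to do unless the legacy path is a regular, non-symlink file
    if [ ! -f "$src" ] || [ -L "$src" ]; then return 0; fi
    mkdir -p "$root/etc/sysctl.d"
    if [ -L "$dst" ]; then
        rm -f "$dst"
    elif [ -e "$dst" ]; then
        echo "refusing to overwrite $dst" >&2
        return 1
    fi
    mv "$src" "$dst"
}

# Constructed demo tree reproducing the state described in comment 3.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/sysctl.d" "$t/usr/lib/sysctl.d"
    ln -s ../../../etc/sysctl.conf "$t/usr/lib/sysctl.d/99-sysctl.conf"
    find_dangling_sysctl_links "$t"
    rm -rf "$t"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Running the script with the argument demo prints the dangling link from the constructed tree; on a real system, call find_dangling_sysctl_links with no argument.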