Skip to content

sysctl: run sysctl service if /proc/sys/net is writable#4425

Merged
poettering merged 1 commit intosystemd:masterfrom
poettering:sysctlcondition
Oct 20, 2016
Merged

sysctl: run sysctl service if /proc/sys/net is writable#4425
poettering merged 1 commit intosystemd:masterfrom
poettering:sysctlcondition

Conversation

@poettering
Copy link
Member

@poettering poettering commented Oct 20, 2016

This simply changes this line:

ConditionPathIsReadWrite=/proc/sys/

to this:

 ConditionPathIsReadWrite=/proc/sys/net/

The background for this is that the latter is namespaced through network
namespacing usually and hence frequently set as writable in containers, even
though the former is kept read-only. If /proc/sys is read-only but
/proc/sys/net is writable we should run the sysctl service, as useful settings
may be made in this case.

Fixes: #4370

@poettering
sysctl: run sysctl service if /proc/sys/net is writable
5e792d4 
This simply changes this line:

    ConditionPathIsReadWrite=/proc/sys/

to this:

     ConditionPathIsReadWrite=/proc/sys/net/

The background for this is that the latter is namespaced through network
namespacing usually and hence frequently set as writable in containers, even
though the former is kept read-only. If /proc/sys is read-only but
/proc/sys/net is writable we should run the sysctl service, as useful settings
may be made in this case.

Fixes: systemd#4370
@poettering poettering mentioned this pull request Oct 20, 2016
Closed
2 tasks
@keszybz keszybz added the good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed label Oct 20, 2016
@poettering poettering merged commit 411e869 into systemd:master Oct 20, 2016
@evverx
Copy link
Contributor

evverx commented Oct 27, 2016
edited
Loading

So,

-bash-4.3# systemctl --state=failed --no-legend --no-pager
systemd-sysctl.service loaded failed failed Apply Kernel Variables

-bash-4.3# grep /proc/sys /proc/self/mountinfo
118 194 0:45 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:81 - proc proc rw
119 118 0:45 /sys/net /proc/sys/net rw,nosuid,nodev,noexec,relatime shared:81 - proc proc rw
...

-bash-4.3# journalctl -t systemd-sysctl --no-pager -o cat
Couldn't write '|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %e' to 'kernel/core_pattern', ignoring: Read-only file system
Couldn't write '16' to 'kernel/sysrq', ignoring: Read-only file system
Couldn't write '1' to 'kernel/core_uses_pid', ignoring: Read-only file system
Couldn't write 'fq_codel' to 'net/core/default_qdisc', ignoring: No such file or directory
Couldn't write '1' to 'fs/protected_hardlinks', ignoring: Read-only file system
Couldn't write '1' to 'fs/protected_symlinks', ignoring: Read-only file system

Shouldn't we run /usr/lib/systemd/systemd-sysctl --prefix=net? Or, maybe, ignore the EROFS (inside the container)?

@keszybz keszybz removed the good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed label Oct 27, 2016
@evverx
Copy link
Contributor

evverx commented Oct 27, 2016
edited
Loading

Oh, sorry. I've just found #4481

@evverx evverx mentioned this pull request Oct 28, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

sysctl units

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@poettering @evverx @keszybz