authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2017-07-21 05:07:10 -0400
committerDee'Kej <deekej@linuxmail.org>2017-07-27 15:45:50 +0200
commit13d638c0a7df4a998429163b9a0189dcffa2393a (patch)
treecbf090fc619257d100d964af82b1e95e85e1e110
parentcb1e9cea1c74aa0f29038449a4c557a9a3ce5d89 (diff)
Drop sysctl.d/00-system.conf
This file now only contains lines to disable netfilter on bridges. In kernel 3.18 this filtering functionality was made non-default by moving it to br_netfilter [https://bugzilla.redhat.com/show_bug.cgi?id=512206]. Anybody who actually wants to use br_netfilter has to load it explicitly anyway, so disabling it through sysctl isn't necessary anymore. The reason for removal is that by default (i.e. when br_netfilter is not loaded), we get a warning on every boot: systemd-sysctl[210]: Couldn't write '0' to 'net/bridge/bridge-nf-call-ip6tables', ignoring: No such file or directory systemd-sysctl[210]: Couldn't write '0' to 'net/bridge/bridge-nf-call-iptables', ignoring: No such file or directory systemd-sysctl[210]: Couldn't write '0' to 'net/bridge/bridge-nf-call-arptables', ignoring: No such file or directory This is confusing for users and inelegant. The downside of removing this file is that people who load br_netfilter for some reason *and* do not want to use it will have to take an additional step now (either restore the sysctl settings or remove br_netfilter from /etc/modules-load.d or wherever). I expect the number of people affected to be very small. (Note that the file was overwritten on sparc and s390, so those architectures see no change.)
-rw-r--r--Makefile7
-rw-r--r--initscripts.spec1
-rw-r--r--sysctl.conf9
3 files changed, 2 insertions, 15 deletions
diff --git a/Makefile b/Makefile
index ae113383..201bab1d 100644
--- a/Makefile
+++ b/Makefile
@@ -25,13 +25,10 @@ install:
install -m644 debug.csh debug.sh $(ROOT)/etc/profile.d
install -m755 sys-unconfig $(ROOT)/usr/sbin
install -m644 service.8 sys-unconfig.8 $(ROOT)$(mandir)/man8
- mkdir -p -m 755 $(ROOT)/usr/lib/sysctl.d
- mkdir -p -m 755 $(ROOT)/etc/sysctl.d
- install -m644 sysctl.conf $(ROOT)/usr/lib/sysctl.d/00-system.conf
if uname -m | grep -q sparc ; then \
- install -m644 sysctl.conf.sparc $(ROOT)/usr/lib/sysctl.d/00-system.conf ; fi
+ install -D -m644 sysctl.conf.sparc $(ROOT)/usr/lib/sysctl.d/00-system.conf ; fi
if uname -m | grep -q s390 ; then \
- install -m644 sysctl.conf.s390 $(ROOT)/usr/lib/sysctl.d/00-system.conf ; fi
+ install -D -m644 sysctl.conf.s390 $(ROOT)/usr/lib/sysctl.d/00-system.conf ; fi
install -m755 -d $(ROOT)/etc/rc.d $(ROOT)/etc/sysconfig
cp -af rc.d/init.d $(ROOT)/etc/rc.d/
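Review bot: The two `install -D -m644 ... 00-system.conf` lines still place a file at `$(ROOT)/usr/lib/sysctl.d/00-system.conf` on sparc and s390 builds, while the same commit drops `%{_prefix}/lib/sysctl.d/00-system.conf` from the spec's file list; unless an arch-conditional entry exists outside the visible hunks, those builds would end with an installed but unpackaged file. The hunk also stops creating `$(ROOT)/etc/sysctl.d` everywhere and `$(ROOT)/usr/lib/sysctl.d` on other architectures, so if the package is still meant to own those directories, keep one unconditional line such as `install -d -m755 $(ROOT)/usr/lib/sysctl.d $(ROOT)/etc/sysctl.d`. A short comment above the conditionals would also help, something like `# no generic 00-system.conf: with br_netfilter loaded, the kernel's own bridge-nf-call-* defaults apply`, since that is what a firewall administrator will need when bridged traffic starts traversing iptables/ip6tables/arptables rules after the update. The `install:` recipe begins and continues outside this hunk.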
diff --git a/initscripts.spec b/initscripts.spec
index 15687701..9b0b6320 100644
--- a/initscripts.spec
+++ b/initscripts.spec
@@ -143,7 +143,6 @@ fi
%dir %{_sysconfdir}/rc.d/init.d
%{_sysconfdir}/rc.d/init.d/*
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) %{_sysconfdir}/rc.d/rc.local
-%{_prefix}/lib/sysctl.d/00-system.conf
%exclude %{_sysconfdir}/profile.d/debug*
%{_sysconfdir}/profile.d/*
%{_sbindir}/sys-unconfig
diff --git a/sysctl.conf b/sysctl.conf
deleted file mode 100644
index f8484efa..00000000
--- a/sysctl.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Kernel sysctl configuration file
-#
-# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
-# sysctl.conf(5) for more details.
-
-# Disable netfilter on bridges.
-net.bridge.bridge-nf-call-ip6tables = 0
-net.bridge.bridge-nf-call-iptables = 0
-net.bridge.bridge-nf-call-arptables = 0