So one thing I would suggest is testing ipv6 only environments. At Facebook we are running into and fixing a whole host of problems with NetworkManager, Anaconda, Dracut, etc. because they don't handle ipv6 only very well. It seems that having ipv4 enabled allows things to work well enough that nobody notices problems with ipv6. Thanks,
Josef On Tue, Nov 3, 2015 at 12:50 PM, Moez Roy <moez....@gmail.com> wrote: > Hi Pavel Simerda, > > The IPv6 updates are breaking stuff (and probably increasing the > attack surface): > > Bug 1231946 - unbound-anchor ignores net.ipv6.conf.all.disable_ipv6=1 > in /etc/sysctl.conf > https://bugzilla.redhat.com/show_bug.cgi?id=1231946 > > Bug 1251762 - dnssec-triggerd ignores net.ipv6.conf.all.disable_ipv6=1 > in /etc/sysctl.conf > https://bugzilla.redhat.com/show_bug.cgi?id=1251762 > > (maybe other software like avahi also don't remember right now) > > You can reproduce this by putting "ipv6.disable=1" in the kernel command line. > > Doing 'setsebool -P domain_kernel_load_modules 1' would reduce the > security provided by SELinux so it is not an option. > > Would appreciate fixes please. Thanks. > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
