Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Hello, It seems that procps version = 3.2.8-8 doesn't fix the problem. I run a Debian Squeeze and at boot time, I get : Setting kernel variables ... error: net.ipv6.bindv6only is an unknown key error: net.ipv6.conf.eth0.autoconf is an unknown key failed. Theses keys are in files under the /etc/sysctl.d/ directory. Anyone has the problem anymore ? Thanks. -- Jérémie Rodriguez Equipe Réseau Intra et Télécom Centre Inter-Etablissements pour les Services Réseaux (CISR) Université Claude Bernard - Lyon 1 Bât. Doyen Braconnier 21 avenue Claude Bernard 69622 Villeurbanne Cedex Tél. : 04-72-43-10-38 (interne : 31038) Mobile : 06-78-00-32-82 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
On Tue, Jun 29, 2010 at 10:56:09AM +0200, Jérémie Rodriguez wrote: It seems that procps version = 3.2.8-8 doesn't fix the problem. I run a Debian Squeeze and at boot time, I get : Did you read the README file in /usr/share/doc/procps? It explains some about this. Anyone has the problem anymore ? People with stock Debian kernels do not. - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 http://www.enc.com.au/ csmall at : enc.com.au http://www.debian.org/ Debian GNU/Linux, software should be Free -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Hello, My fault, I didn't read the README file (RTFM is always for others :) ). I tried one of the solutions explained in this file : putting ipv6 in /etc/modules. After a reboot, the kernel system variables concerning IPv6 are set as expected. For information, I use the Debian Xen kernel which doesn't have IPv6 compiled-in but use the module instead. Cheers. On 06/29/2010 02:32 PM, Craig Small wrote: On Tue, Jun 29, 2010 at 10:56:09AM +0200, Jérémie Rodriguez wrote: It seems that procps version = 3.2.8-8 doesn't fix the problem. I run a Debian Squeeze and at boot time, I get : Did you read the README file in /usr/share/doc/procps? It explains some about this. Anyone has the problem anymore ? People with stock Debian kernels do not. - Craig -- Jérémie Rodriguez Equipe Réseau Intra et Télécom Centre Inter-Etablissements pour les Services Réseaux (CISR) Université Claude Bernard - Lyon 1 Bât. Doyen Braconnier 21 avenue Claude Bernard 69622 Villeurbanne Cedex Tél. : 04-72-43-10-38 (interne : 31038) Mobile : 06-78-00-32-82 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
[Craig Small] That's the thing I was asking for :) But the problem is (AFAIK) that with LSB dependencies one can only specify depends and not kind of reverse depends. The init.d headers can have reverse dependencies too. Those are X-Start-Before and X-Stop-After. Check URL:http://wiki.debian.org/LSBInitScripts for the details. It is unclear to me which init.d script is actually loading the ipv6 kernel module, so I do not know where the procps script actually belong in the boot. If it should run after module-init-tools and before the network is set up, these headers would work. # Should-Start: module-init-tools # X-Start-Before:$network On my Lenny system there was nothing loading the ipv6 kernel modules, so I am not sure if module-init-tools is the correct facility to start after. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
On Tue, 2009-08-25 at 15:04 +1000, Craig Small wrote: On Fri, Aug 14, 2009 at 12:04:55AM +0200, Christoph Anton Mitterer wrote: The issue that sysctl MUST be loaded BEFORE network interfaces are brought up (for security reasons) is this secured by the LSB init script headers? You're saying it should be done before the interfaces are brought up, but the bug report is about sysctl running too early. Yes,... after the modules (such that the /proc entries are actually there),.. but before the interfaces (such that no network is open, while potential security important options are not yet set). I mean now that insserv and concurrent booting moves to be the default... it's quite important to secure this, IMHO. The problem is you are trying to satisfy two mutually exclusive requirements. No matter where sysctl is run, it is too early or two late for something. Now with insserv, perhaps there is a place it can be run, before the interfaces are configured but after the module is loaded, if such a place exists. That's the thing I was asking for :) But the problem is (AFAIK) that with LSB dependencies one can only specify depends and not kind of reverse depends. Chris. smime.p7s Description: S/MIME cryptographic signature
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
On Fri, Aug 14, 2009 at 12:04:55AM +0200, Christoph Anton Mitterer wrote: The issue that sysctl MUST be loaded BEFORE network interfaces are brought up (for security reasons) is this secured by the LSB init script headers? You're saying it should be done before the interfaces are brought up, but the bug report is about sysctl running too early. I mean now that insserv and concurrent booting moves to be the default... it's quite important to secure this, IMHO. The problem is you are trying to satisfy two mutually exclusive requirements. No matter where sysctl is run, it is too early or two late for something. Now with insserv, perhaps there is a place it can be run, before the interfaces are configured but after the module is loaded, if such a place exists. - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 http://www.enc.com.au/ csmall at : enc.com.au http://www.debian.org/ Debian GNU/Linux, software should be Free -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Hi. Apart from the question, whether anything new has happened here? The issue that sysctl MUST be loaded BEFORE network interfaces are brought up (for security reasons) is this secured by the LSB init script headers? I mean now that insserv and concurrent booting moves to be the default... it's quite important to secure this, IMHO. Regards, Chris. This message was sent using IMP, the Internet Messaging Program. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
also sprach Didier Raboud [EMAIL PROTECTED] [2008.12.05.1342 +0100]: As ipv6 is a release goal, my guess is that a solution has to be found. Maybe the easiest solution is simply to load the ipv6 module early on, unconditionally? -- .''`. martin f. krafft [EMAIL PROTECTED] Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems warning at the gates of bill: abandon hope, all ye who press enter here... digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/)
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
On Fri, Dec 05, 2008 at 01:42:50PM +0100, Didier Raboud wrote: As ipv6 is a release goal, my guess is that a solution has to be found. Then, why not getting opininons by consulting -devel about It will break things, not might, it will. The easiest examples being anything that uses the /conf/default/ in the network setup and not /conf/all/ and anything that needs to be there before the interfaces are brought online. There will be a small but definite gap between when an interface is brought up and when the parameters are applied. Some of those parameters are security related and so there is a problem right there. While IPv6 is a release goal, having sysctl handle the fact the module is not there first is not. There are ways to have the ipv6 module load late and to have kernel parameters setup in it. - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 http://www.enc.com.au/ csmall at : enc.com.au http://www.debian.org/ Debian GNU/Linux, software should be Free -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
On Thu, Dec 04, 2008 at 02:26:54PM +0100, martin f krafft wrote: The ipv6 module on Debian is loaded only by the networking code, so either sysctl.conf should run after that, or the ipv6 module needs to be loaded before somehow. There is no sensible fix for this. The problem is that any time is the wrong time for the init script to run, for someone. If I shift it back, other stuff won't work. The ipv6 stuff is commented out, for some reason I don't get this problem you experience. In any case if there is no fix for it I'm going to downgrade the bug. - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 http://www.enc.com.au/ csmall at : enc.com.au http://www.debian.org/ Debian GNU/Linux, software should be Free -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
also sprach Craig Small [EMAIL PROTECTED] [2008.12.05.1211 +0100]: There is no sensible fix for this. The problem is that any time is the wrong time for the init script to run, for someone. Do you have specific examples that would break if procps ran at S40? -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/)
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
On Fri, Dec 05, 2008 at 12:29:43PM +0100, martin f krafft wrote: also sprach Craig Small [EMAIL PROTECTED] [2008.12.05.1211 +0100]: There is no sensible fix for this. The problem is that any time is the wrong time for the init script to run, for someone. Do you have specific examples that would break if procps ran at S40? Shifting it to 40 would probably fix your ipv6 related bug, I guess. There are some settings that need to be set before the interfaces come online, I'm not sure of the specifics but I do know these keys are out there and they do need to be set before networking starts. Ideally there probably should be some sort of runlevel type sysctl setup, that's going to be fiddly and not trivial to write, but not impossible either. My worry is that we move it, you're happy, people who have similiar problems to you are happy but then suddenly another group of people spring up with hey, why did you move sysctl, you broke my system now - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 http://www.enc.com.au/ csmall at : enc.com.au http://www.debian.org/ Debian GNU/Linux, software should be Free -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Le vendredi 5 décembre 2008 12:35:44 Craig Small, vous avez écrit : On Fri, Dec 05, 2008 at 12:29:43PM +0100, martin f krafft wrote: also sprach Craig Small [EMAIL PROTECTED] [2008.12.05.1211 +0100]: There is no sensible fix for this. The problem is that any time is the wrong time for the init script to run, for someone. Do you have specific examples that would break if procps ran at S40? Shifting it to 40 would probably fix your ipv6 related bug, I guess. There are some settings that need to be set before the interfaces come online, I'm not sure of the specifics but I do know these keys are out there and they do need to be set before networking starts. Ideally there probably should be some sort of runlevel type sysctl setup, that's going to be fiddly and not trivial to write, but not impossible either. My worry is that we move it, you're happy, people who have similiar problems to you are happy but then suddenly another group of people spring up with hey, why did you move sysctl, you broke my system now - Craig As ipv6 is a release goal, my guess is that a solution has to be found. Then, why not getting opininons by consulting -devel about * what would happen if procps was moved fromS30 Required-Start:mountkernfs to S45 Required-Start:mountkernfs $network (actually, AFAII, the number is somewhat automagic, what matters is the Required-Start) * other solution ideas ? Regards, OdyX -- Didier Raboud, proud Debian user. CH-1802 Corseaux [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part.
Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Package: procps Version: 1:3.2.7-9 Severity: serious Tags: ipv6 File: /etc/sysctl.conf Setting kernel variables (/etc/sysctl.conf)...error: net.ipv6.conf.default.autoconf is an unknown key error: net.ipv6.conf.default.accept_ra is an unknown key error: net.ipv6.conf.default.accept_ra_defrtr is an unknown key error: net.ipv6.conf.default.accept_ra_pinfo is an unknown key error: net.ipv6.conf.default.accept_source_route is an unknown key error: net.ipv6.conf.default.accept_redirects is an unknown key error: net.ipv6.conf.default.forwarding is an unknown key error: net.ipv6.conf.all.autoconf is an unknown key error: net.ipv6.conf.all.accept_ra is an unknown key error: net.ipv6.conf.all.accept_ra_defrtr is an unknown key error: net.ipv6.conf.all.accept_ra_pinfo is an unknown key error: net.ipv6.conf.all.accept_source_route is an unknown key error: net.ipv6.conf.all.accept_redirects is an unknown key error: net.ipv6.conf.all.forwarding is an unknown key failed. Mounting local filesystems...done. Activating swapfile swap...done. Setting up resolvconf...done. Setting up networking The ipv6 module on Debian is loaded only by the networking code, so either sysctl.conf should run after that, or the ipv6 module needs to be loaded before somehow. RC severity, since ipv6 is a release goal and this prevents me from using sysctl.conf for setting stuff like ipv6 forwarding, but forces me to use hooks and/or rc.local instead. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.27-1-686 (SMP w/1 CPU core) Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages procps depends on: ii libc6 2.7-16GNU C Library: Shared libraries ii libncurses55.7+2008115-1 shared libraries for terminal hand ii lsb-base 3.2-20Linux Standard Base 3.2 init scrip Versions of packages procps recommends: ii psmisc22.6-1 Utilities that use the proc filesy procps suggests no packages. -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/)