On 04/11/2015 00:32, Robert Edmonds via Unbound-users wrote:
> Paul Wouters via Unbound-users wrote:
>> FYI:
>>
>> rhbz#1231946 - unbound-anchor ignores net.ipv6.conf.all.disable_ipv6=1 in
>> /etc/sysctl.conf
>> https://bugzilla.redhat.com/show_bug.cgi?id=1231946
>>
>> Paul
>
> Hi, Paul:
>
> I'm a bit confused. unbound-anchor is an ordinary program that uses the
> sockets API, so it should have no reason to read Linux kernel specific
> sysctl's or change behavior based on their values, since sysctl's are
> parameters for the kernel.

Agreed. What's happening here is a user-space attempt to open an
AF_INET6 socket is causing a modprobe, likely because the reporter has
blocked the IPv6 kernel module from loading ("I don't trust IPv6").

They erroneously believe the sysctl would stop this, when all it does is
disable IPv6 on all interfaces - it's nothing to do with application
behaviour or module loading control.

If there's a bug anywhere here, it's in the SELinux policy blocking the
module_request, but I doubt even that.

Trying to force IPv6 to not load on a Linux system causes all sorts of
subtle errors these days, and should not IMHO be a supported use-case.
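
Added example, not part of the original message and not code from Unbound: a small C program that separates the two things the thread distinguishes, whether the kernel will hand out an AF_INET6 socket at all, and what the disable_ipv6 sysctl is set to. The function names and the state enum are hypothetical; the procfs path is the usual Linux location of net.ipv6.conf.all.disable_ipv6.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Outcome of combining the socket probe with the sysctl value. */
enum v6_state {
    V6_USABLE,       /* socket() works and disable_ipv6 is not 1 */
    V6_SOCKET_ONLY,  /* socket() works, interfaces have IPv6 disabled */
    V6_NO_FAMILY,    /* kernel refuses AF_INET6 (stack absent or blocked) */
    V6_OTHER_ERROR   /* any other socket() failure */
};

/* Create an AF_INET6 socket as any sockets-API program would.
 * Returns 0 on success, otherwise the errno set by socket(). */
int probe_inet6_socket(void)
{
    int fd = socket(AF_INET6, SOCK_DGRAM, 0);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Read the sysctl through procfs. Returns its integer value, or -1 if the
 * file cannot be read (for instance when the IPv6 stack is not loaded). */
int read_disable_ipv6(const char *path)
{
    int v = -1;
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* The socket result decides first: the sysctl only matters once the
 * address family itself is available. */
enum v6_state classify(int sock_errno, int sysctl_val)
{
    if (sock_errno == EAFNOSUPPORT) return V6_NO_FAMILY;
    if (sock_errno != 0) return V6_OTHER_ERROR;
    return sysctl_val == 1 ? V6_SOCKET_ONLY : V6_USABLE;
}

int main(void)
{
    int e = probe_inet6_socket();
    int s = read_disable_ipv6("/proc/sys/net/ipv6/conf/all/disable_ipv6");
    printf("socket errno=%d disable_ipv6=%d state=%d\n", e, s, classify(e, s));
    return 0;
}
```

On a host where only the sysctl is set, the probe still succeeds and the state is V6_SOCKET_ONLY; the program never needs to read the sysctl to behave correctly, it only has to handle the socket() error.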