On Fri, Oct 17, 2014 at 11:45:32AM -0400, Josh Boyer wrote:
On Fri, Oct 17, 2014 at 11:43 AM, Matthew Miller
> On Fri, Oct 17, 2014 at 05:01:34PM +0200, Michal Schmidt wrote:
>> we're considering adding "net.core.default_qdisc = fq_codel" to
>> the default sysctl config shipped with systemd.
> That's kind of surprising to me. What's the rationale behind setting these
> kind of defaults at the systemd level?
We provide the following defaults in
# System Request functionality of the kernel (SYNC)
kernel.sysrq = 16 ( a safe subset of sysrq )
# Source route verification
net.ipv4.conf.default.rp_filter = 1 (various safety features)
net.ipv4.conf.all.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
# Enable hard and soft link protection
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries = 1   ( avoid nasty surprises when
net.ipv4.conf.all.promote_secondaries = 1         dropping addresses dynamically )
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0   ( this allows normal libvirt
net.bridge.bridge-nf-call-iptables = 0      to work out of the box)
net.bridge.bridge-nf-call-arptables = 0
(+ some coredump related stuff which is actually overridden by abrt.)
In a way, adding those settings through sysctl files is nicer for the
end user because it is very transparent. It is also trivial to override
by copying the file to /etc and changing some settings.
It seems that net.core.default_qdisc also fits here, although changing
the default in the kernel might be better (slightly more efficient, etc).
I'd be curious to hear that as well, but for a location it's
irrelevant to Fedora. Either the default sysctl config in systemd or
the one provided in initscripts results in the same net effect.
The location is not terribly important, but we've migrated sysctl
overrides from initscripts to systemd, because initscripts is nowadays
mostly about scripts to bring up the network and optional, and since
systemd actually writes the sysctl settings, it seems appropriate to
keep those settings there instead of spread out over two packages.
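
An added example, not part of the original message or of systemd: a sketch of how the sysctl.d(5) lookup resolves the "copy the file to /etc" override mentioned above, used to check that expected hardening values are still in effect. The file name `50-example.conf`, the sample tree and the function names are constructed for illustration.

```python
import os
import tempfile

# Search order from sysctl.d(5): a file in an earlier directory masks a
# same-named file in a later one.
SEARCH_DIRS = ["etc/sysctl.d", "run/sysctl.d", "usr/lib/sysctl.d"]

def effective_sysctl(root):
    """Return {key: (value, source_path)} as the configuration files resolve."""
    chosen = {}  # file name -> path of the highest-priority copy
    for d in SEARCH_DIRS:
        full = os.path.join(root, d)
        if os.path.isdir(full):
            for name in os.listdir(full):
                if name.endswith(".conf"):
                    chosen.setdefault(name, os.path.join(full, name))
    settings = {}
    # Files are applied in lexical order of file name; later lines win.
    for name in sorted(chosen):
        with open(chosen[name]) as fh:
            for line in fh:
                line = line.strip()
                if not line or line[0] in "#;" or "=" not in line:
                    continue
                key, value = (part.strip() for part in line.split("=", 1))
                settings[key.lstrip("-")] = (value, chosen[name])
    return settings

def audit(root, expected):
    """List (key, wanted, actual) for each expected value that is not in effect."""
    eff = {k: v for k, (v, _) in effective_sysctl(root).items()}
    return [(k, want, eff.get(k)) for k, want in expected.items() if eff.get(k) != want]

def build_sample_tree():
    """Constructed sample: a vendor file and an /etc copy that changes one value."""
    root = tempfile.mkdtemp()
    vendor = "net.ipv4.conf.all.rp_filter = 1\nfs.protected_symlinks = 1\n"
    override = "net.ipv4.conf.all.rp_filter = 0\n"  # the copy drops the symlink line
    for d, text in (("usr/lib/sysctl.d", vendor), ("etc/sysctl.d", override)):
        os.makedirs(os.path.join(root, d))
        with open(os.path.join(root, d, "50-example.conf"), "w") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    wanted = {"net.ipv4.conf.all.rp_filter": "1", "fs.protected_symlinks": "1"}
    for key, want, actual in audit(build_sample_tree(), wanted):
        print(f"{key}: expected {want}, configured {actual}")
```

Because a same-named file in /etc masks the whole vendor file, a line left out of the copy is no longer set by configuration at all, which is why the audit reports fs.protected_symlinks as unset in the sample tree.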