On Wed 2016-01-13 15:05:02 -0500, Yves-Alexis Perez wrote:
> On mer., 2016-01-13 at 13:44 -0500, Daniel Kahn Gillmor wrote:
>> by default, the systemd-sysctl.service service cannot start up
>> successfully on this machine, because of some kernel settings in
>> /etc/sysctl.d/grsec.conf which do not appear to be supported.
>
> It's not that they are not supported, but rather that you don't have
> permission to write them. By chance, is kernel.grsecurity.grsec_lock set to 1?
yes, it's set to 1 inside /etc/sysctl.d/grsec.conf itself (i haven't
changed any of these files from their defaults). And after a normal
boot, i see that systemd-sysctl.service is marked as "failed" (e.g., in
the output of "systemctl").
This implies that systemd-sysctl.service is somehow getting (re)started
more than once during normal boot, and the second time it's failing
because of the grsec settings. does that sound right?
FWIW, this system is using dracut for its initramfs, and systemd from
unstable.
are you unable to replicate this situation?
--dkg
