On mer., 2016-01-13 at 15:29 -0500, Daniel Kahn Gillmor wrote: > > It's not that they are not supported, but rather that you don't have > > permission to write them. By chance, is kernel.grsecurity.grsec_lock set > to 1? > > yes, it's set to 1 inside /etc/sysctl.d/grsec.conf itself (i haven't > changed any of these files from their defaults). And after a normal > boot, i see that systemd-sysctl.service is marked as "failed" (e.g., in > the output of "systemctl").
Yes, unfortunately any failed sysctl setting will mark the unit as failed. Nothing I can do here. > > This implies that systemd-sysctl.service is somehow getting (re)started > more than once during normal boot, and the second time it's failing > because of the grsec settings. does that sound right? Maybe, although any failed setting would give the same result. > > FWIW, this system is using dracut for its initramfs, and systemd from > unstable. Maybe that's related. > > are you unable to replicate this situation? Didn't test yet, but if sysctl are applied in initrd, yes that makes sense. Unfortunately there's not much I can do here. -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
