On Fri, 15.05.15 12:56, Michael Marineau ([email protected]) wrote:

> (build time option to ./configure that is)

I guess I'd be OK with that...

> On Fri, May 15, 2015 at 12:55 PM, Michael Marineau
> <[email protected]> wrote:
> > On Fri, May 15, 2015 at 12:52 PM, Lennart Poettering
> > <[email protected]> wrote:
> >> On Fri, 15.05.15 12:42, Michael Marineau ([email protected])
> >> wrote:
> >>
> >>> On Fri, May 15, 2015 at 12:18 PM, Lennart Poettering
> >>> <[email protected]> wrote:
> >>> > On Fri, 15.05.15 12:08, Nick Owens ([email protected]) wrote:
> >>> >
> >>> >> In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was
> >>> >> introduced to set forwarding flags on interfaces in .network
> >>> >> files. networkd sets forwarding options regardless of the
> >>> >> previous setting, even if it was set by e.g. sysctl. This commit
> >>> >> makes IPForwarding not change forwarding settings, so that
> >>> >> systems using sysctl continue to work even if IPForwarding is
> >>> >> unset in their .network files.
> >>> >>
> >>> >> See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the
> >>> >> initial bug report.
> >>> >
> >>> > I think there should be an explicit way to enable the "kernel default
> >>> > mode", i.e. the parser for this one option should consider a special
> >>> > value "kernel" or so to explicitly ask for the kernel default.
> >>> >
> >>> > I'd still prefer if we'd default to ip forwarding off, rather than ip
> >>> > forwarding as kernel default, for security reasons.
> >>>
> >>> Well, in CoreOS we *have* to use the kernel default if the value is
> >>> unset, there simply is no way to safely upgrade existing systems to
> >>> the new configuration scheme from the old sysctl one. The semantics of
> >>> the two are too different. Even if there was a reasonable translation
> >>> we are not in the business of modifying user configs.
> >>
> >> Well, but I think I would prefer if upstream would default to "off",
> >> even if coreos then deviates from that and defaults to "kernel"...
> >
> > Fair enough, should it be an option to configure then?
>

Lennart

--
Lennart Poettering, Red Hat
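
Added example, not part of the thread and not systemd code: a small Python model of the two defaults debated above ("off" versus "kernel" when the option is unset), showing which interfaces each default silently changes or silently leaves forwarding. The file names, interface names and prior sysctl state are constructed; the key is spelled IPForwarding as in the thread, and "kernel" is the value proposed there.

```python
import configparser

# Constructed sample .network files (illustrative, not from the thread).
SAMPLE_NETWORKS = {
    "10-lan.network": "[Match]\nName=eth0\n\n[Network]\nDHCP=yes\n",
    "20-wan.network": "[Match]\nName=eth1\n\n[Network]\nIPForwarding=yes\n",
    "30-dmz.network": "[Match]\nName=eth2\n\n[Network]\nIPForwarding=kernel\n",
}
# Constructed prior state, as if an admin had enabled forwarding via sysctl.
SYSCTL_BEFORE = {"eth0": True, "eth1": False, "eth2": True}


def parse_setting(text):
    """Return (interface, raw IPForwarding value or None when unset)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    return cp["Match"]["Name"], cp["Network"].get("IPForwarding")


def effective(value, before, unset_policy):
    """Forwarding state after applying one setting.

    unset_policy is what an unset option means: "off" or "kernel".
    "kernel" leaves whatever sysctl had already configured."""
    if value is None:
        value = unset_policy
    if value == "kernel":
        return before
    return value.lower() in ("yes", "true", "on", "1")


def audit(networks, sysctl_before, unset_policy):
    """Map interface -> resulting state under the given default."""
    report = {}
    for text in networks.values():
        iface, value = parse_setting(text)
        after = effective(value, sysctl_before[iface], unset_policy)
        report[iface] = {
            "after": after,
            "explicit": value is not None,
            "changed": after != sysctl_before[iface],
        }
    return report


def implicit(report, state):
    """Interfaces that end in `state` without any explicit setting."""
    return sorted(i for i, r in report.items()
                  if r["after"] is state and not r["explicit"])
```

With the constructed input, the "off" default turns off forwarding that sysctl had enabled on eth0 (the upgrade breakage raised in the thread), while the "kernel" default leaves eth0 forwarding with nothing in its .network file saying so (the security concern).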
