Merge ~ddstreet/ubuntu/+source/systemd:revert-sysctl-conf-patch into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-impish
Proposed by
Dan Streetman
Status: | Merged |
---|---|
Approved by: | Lukas Märdian |
Approved revision: | 5bb4d314bf2f6195d5dbf7ca016b508492c4427c |
Merged at revision: | 5bb4d314bf2f6195d5dbf7ca016b508492c4427c |
Proposed branch: | ~ddstreet/ubuntu/+source/systemd:revert-sysctl-conf-patch |
Merge into: | ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-impish |
Diff against target: | 83 lines (+3/-52), 3 files modified: debian/changelog (+3/-0), debian/patches/series (+0/-1), dev/null (+0/-51) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Lukas Märdian | Approve | ||
Review via email: mp+406474@code.launchpad.net |
Hi Dan! In general this looks good to me and I favor removing delta as much as possible.
Checking the history of this patch, it was introduced in 2017 to set the *.promote_secondaries=1 and *.default_qdisc=fq_codel values, which are the defaults today. (LP: #1721223) – So it's fine keeping those upstream values IMO.
It was then modified in 2019 to explicitly drop upstream's default fs.protected_regular=1 and fs.protected_fifos=1 values. (LP: #1845637) – Checking a current Ubuntu Hirsute system shows:
$ sudo sysctl fs.protected_regular
fs.protected_regular = 2
$ sudo sysctl fs.protected_fifos
fs.protected_fifos = 1
Who sets the fs.protected_regular=2 value (is it the kernel?) – Would upstream systemd's default of fs.protected_regular=1 override this current value, and thus degrade security?
What are your thoughts on this?
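
One way to check the override question raised above before shipping such a change, as an added example that is not part of the original review or of the systemd packaging: resolve which sysctl.d file wins for a key, using the precedence rules documented in sysctl.d(5), and compare the result with the running value. The function names, the sample tree and its file contents are constructed for illustration, and only exact keys are handled (no glob patterns).

```python
import os
import tempfile

# Directory precedence from sysctl.d(5): for files with the same name, earlier entries win.
SYSCTL_DIRS = ["etc/sysctl.d", "run/sysctl.d", "usr/local/lib/sysctl.d", "usr/lib/sysctl.d"]

def effective_setting(root, key):
    """Return (value, path) of the assignment that wins for `key` under `root`."""
    chosen = {}  # basename -> path, keeping the highest-precedence copy
    for d in SYSCTL_DIRS:
        full = os.path.join(root, d)
        if os.path.isdir(full):
            for name in os.listdir(full):
                if name.endswith(".conf"):
                    chosen.setdefault(name, os.path.join(full, name))
    want = key.replace("/", ".")  # simplification: treat both separators alike
    winner = (None, None)
    # Files apply in lexicographic order of basename; the last assignment wins.
    for name in sorted(chosen):
        with open(chosen[name]) as fh:
            for line in fh:
                line = line.strip()
                if not line or line[0] in "#;" or "=" not in line:
                    continue
                k, v = (part.strip() for part in line.split("=", 1))
                if k.lstrip("-").replace("/", ".") == want:
                    winner = (v, chosen[name])
    return winner

def would_lower(root, key, running_value):
    """True if the configured winner is numerically below the running value."""
    value, _ = effective_setting(root, key)
    return value is not None and int(value) < int(running_value)

def build_sample_tree(with_override):
    """Constructed sample tree; file names and contents are illustrative only."""
    root = tempfile.mkdtemp()
    lib = os.path.join(root, "usr/lib/sysctl.d")
    os.makedirs(lib)
    with open(os.path.join(lib, "50-default.conf"), "w") as fh:
        fh.write("# constructed\nfs.protected_regular = 1\nfs.protected_fifos = 1\n")
    if with_override:
        etc = os.path.join(root, "etc/sysctl.d")
        os.makedirs(etc)
        with open(os.path.join(etc, "99-example-hardening.conf"), "w") as fh:
            fh.write("fs.protected_regular = 2\n")
    return root
```

On a real system, pass `/` as `root` and the value printed by `sysctl -n fs.protected_regular` as `running_value`.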