Hi Dan! In general this looks good to me and I favor removing delta as much as possible.
Checking the history of this patch, it was introduced in 2017 to set the *.promote_secondaries=1 and *.default_qdisc=fq_codel values, which are the defaults today. (LP: #1721223) – So it's fine keeping those upstream values IMO.
It was then modified in 2019 to explicitly drop upstream's default fs.protected_regular=1 and fs.protected_fifos=1 values. (LP: #1845637) – Checking a current Ubuntu Hirsute system shows:
$ sudo sysctl fs.protected_regular
fs.protected_regular = 2
$ sudo sysctl fs.protected_fifos
fs.protected_fifos = 1
Who sets the fs.protected_regular=2 value (is it the kernel?) – Would upstream systemd's default of fs.protected_regular=1 override this current value, and thus degrade security?
What are your thoughts on this?
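
One way to check the override question raised above before dropping the delta, as an added example that is not part of the original comment or the patch: it resolves which sysctl.d assignment wins for a key, following the directory and file-name ordering documented in sysctl.d(5), and flags a result lower than the running value. The file names and file contents in `build_sample` are constructed; the running values 2 and 1 are the ones quoted in the comment.

```python
import tempfile
from pathlib import Path

# Search path from sysctl.d(5), highest precedence first.
SYSCTL_DIRS = ["/etc/sysctl.d", "/run/sysctl.d",
               "/usr/local/lib/sysctl.d", "/usr/lib/sysctl.d"]


def effective_setting(key, dirs=SYSCTL_DIRS):
    """Return (value, path) of the sysctl.d assignment to key that wins, or None."""
    chosen = {}
    for d in map(Path, dirs):
        if d.is_dir():
            for f in d.glob("*.conf"):
                chosen.setdefault(f.name, f)  # same name in an earlier dir masks later dirs
    winner = None
    for name in sorted(chosen):  # files apply in lexicographic order of file name
        for line in chosen[name].read_text().splitlines():
            line = line.strip()
            if not line or line[0] in "#;" or "=" not in line:
                continue
            k, v = (part.strip() for part in line.split("=", 1))
            if k.lstrip("-") == key:  # a leading "-" only suppresses write errors
                winner = (v, str(chosen[name]))  # a later assignment overrides
    return winner


def would_lower(key, current, dirs=SYSCTL_DIRS):
    """True when the winning sysctl.d value is numerically below current."""
    hit = effective_setting(key, dirs)
    return hit is not None and int(hit[0]) < int(current)


def build_sample(root, with_override=False):
    """Constructed tree; file names and contents are made up for this example."""
    vendor, etc = Path(root, "usr/lib/sysctl.d"), Path(root, "etc/sysctl.d")
    vendor.mkdir(parents=True)
    etc.mkdir(parents=True)
    (vendor / "50-vendor-example.conf").write_text(
        "# constructed\nfs.protected_regular = 1\nfs.protected_fifos = 1\n")
    if with_override:
        (etc / "99-local-example.conf").write_text("fs.protected_regular = 2\n")
    return [str(etc), str(vendor)]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        dirs = build_sample(tmp)
        # Running values 2 and 1 are the ones quoted in the comment above.
        for key, current in (("fs.protected_regular", 2), ("fs.protected_fifos", 1)):
            print(key, effective_setting(key, dirs), "lowers:", would_lower(key, current, dirs))
```

Called with the default `SYSCTL_DIRS` on a test image, `would_lower("fs.protected_regular", 2)` reports whether the packaged configuration would leave the key below the value observed on the running system.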