[systemd-devel] [PATCH] Split sysctl 50-default.conf setting file

Goffredo Baroncelli kreijack at libero.it
Mon Dec 2 14:52:10 PST 2013


Hi Zbyszek
On 2013-12-02 23:27, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Dec 02, 2013 at 10:27:45PM +0100, Goffredo Baroncelli wrote:
[...]
>>
>> Yes am doing so. But IIRC the process order of the sysctl file was
>> inverted near systemd 207...
>>
>> Because Debian uses 204, when it switches to something more recent than
>> 207 this setup will not work any more :-( so I have to change the order
>> number.
> Yes, that unfortunate :), but easy to work around: just install the file
> with a high number, and symlink with a low number. The symlink can be removed
> after update to 208.

Thanks, good suggestions
> 
>> Anyway I think that it is more clean to separate the setting in more files.
> This would make the number of files equal to the number of settings we are
> changing, which would be messy.

This is not the first case that a config file is split in several
sub-files. The <config>.d directories are a typical example.

I have ne question: what happens if a sysctl setting is in more than
one file ? systemd-sysctl is smart enough to write the last value or
 perform several writes ?


>>> BTW, Kay, why is the default so conservative here (sysrq only)?
>>> I would think that the general principle that the user who has physical
>>> access to the machine and can flip the power switch should be able to
>>> do various things which are disruptive, but not are not proviledge
>>> escalation (let's call them reboot-like).
>>
>> I agree with you
> Kay explained in IRC that we do not allow such actions, because access to
> the keyboad doesn't mean full access to the machine, and we default to safe
> settings. Allowing the reboot though logind is different, because the user
> must authenticate first to open a session.

Sorry, but I cannot agree: from a theoretical point of view Kay has
reason. However who has access to the keyboard and not to the "power
switch" ? If I want to switch the PC and the software cannot allow it, I
unplug the main power...

I think that we should give access to other keys like:
- Boot
- Reboot
- powerOff
- Umount

- often my Xorg freez and syrq-K is also useful

Goffredo

> Zbyszek
> 


-- 
gpg @keyserver.linux.it: Goffredo Baroncelli (kreijackATinwind.it>
Key fingerprint BBF5 1610 0B64 DAC6 5F7D  17B2 0EDA 9B37 8B82 E0B5


More information about the systemd-devel mailing list