From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 20 Oct 2016 17:36:28 +0000 (+0200)
Subject: sysctl: run sysctl service if /proc/sys/net is writable (#4425)
X-Git-Tag: v232~67
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=411e869f497c7c7bd0688f1e3500f9043bc56e48;p=thirdparty%2Fsystemd.git

sysctl: run sysctl service if /proc/sys/net is writable (#4425)

This simply changes this line:

    ConditionPathIsReadWrite=/proc/sys/

to this:

     ConditionPathIsReadWrite=/proc/sys/net/

The background for this is that the latter is namespaced through network
namespacing usually and hence frequently set as writable in containers, even
though the former is kept read-only. If /proc/sys is read-only but
/proc/sys/net is writable we should run the sysctl service, as useful settings
may be made in this case.

Fixes: #4370
---

diff --git a/units/systemd-sysctl.service.in b/units/systemd-sysctl.service.in
index d784c6426db..980f611df2e 100644
--- a/units/systemd-sysctl.service.in
+++ b/units/systemd-sysctl.service.in
@@ -12,7 +12,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-modules-load.service
 Before=sysinit.target shutdown.target
-ConditionPathIsReadWrite=/proc/sys/
+ConditionPathIsReadWrite=/proc/sys/net/
 
 [Service]
 Type=oneshot