On Fri, Oct 17, 2014 at 11:45:32AM -0400, Josh Boyer wrote: > On Fri, Oct 17, 2014 at 11:43 AM, Matthew Miller > <mattdm@xxxxxxxxxxxxxxxxx> wrote: > > On Fri, Oct 17, 2014 at 05:01:34PM +0200, Michal Schmidt wrote: > >> we're considering adding "net.core.default_qdisc = fq_codel" to > >> the default sysctl config shipped with systemd. > > > > That's kind of surprising to me. What's the rationale behind setting these > > kind of defaults at the systemd level? We provide the following defaults in systemd.rpm: # System Request functionality of the kernel (SYNC) kernel.sysrq = 16 ( a safe subset of sysrq ) # Source route verification net.ipv4.conf.default.rp_filter = 1 (various safety features) net.ipv4.conf.all.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.all.accept_source_route = 0 # Enable hard and soft link protection fs.protected_hardlinks = 1 fs.protected_symlinks = 1 # Promote secondary addresses when the primary address is removed net.ipv4.conf.default.promote_secondaries = 1 ( avoid nasty surprises when adding net.ipv4.conf.all.promote_secondaries = 1 dropping addresses dynamicall ) # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 ( this allows normal libvirt setups net.bridge.bridge-nf-call-iptables = 0 to work out of the box) net.bridge.bridge-nf-call-arptables = 0 (+ some coredump related stuff which is actually overriden by abrt.) In a way, adding those settings through sysctl files is nicer for the end user because it is very transparent. It is also trivial to override by copying the file to /etc and changing some settings. It seems that net.core.default_qdisc also fits here, although changing the default in the kernel might be better (slightly more efficient, etc). > I'd be curious to hear that as well, but for a location it's kind of > irrelevant to Fedora. Either the default sysctl config in systemd or > the one provided in initscripts results in the same net effect. The location is not terribly important, but we've migrated sysctl overrides from initscripts to systemd, because initscripts is nowadays mostly about scripts to bring up the network and optional, and since systemd actually writes the sysctl settings, it seems appropriate to keep those settings there instead of spread out over two packages. Zbyszek _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
