File 0006-backport-of-sysctl.d-feature-from-master-bnc-1044523.patch of Package SuSEfirewall2
From 730b42ff5fcf16cbdb8747a24fa790b2def32e7d Mon Sep 17 00:00:00 2001 From: Matthias Gerstner <matthias.gerstner@suse.de> Date: Mon, 17 Jul 2017 15:37:49 +0200 Subject: [PATCH] backport of sysctl.d feature from master this is a manual backport of commits b123d46b2737e43ea14a33749f728a56bcfcb60f 4842cf662ed523a9426153f738d9e3f7969d7ba5 842ef939c43e7766faf6c55db4637402de28beed dfe8ad9a8b4ae9f715bf2e6c03427b17b0cb1dbc branches have diverged too much for a real git merge, would have been more work than this way. cherry-picked from SLE-12 --- SuSEfirewall2 | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- SuSEfirewall2.sysconfig | 14 +++++++++++++- 2 files changed, 59 insertions(+), 3 deletions(-) diff --git a/SuSEfirewall2 b/SuSEfirewall2 index 04bc6be..481eb71 100755 --- a/SuSEfirewall2 +++ b/SuSEfirewall2 
@@ -561,10 +561,54 @@ parse_logging() ### Functions +# checks multiple sysctl.d config locations for configure values +function is_in_any_sysctl() +{ + local value="$1" + + if [ -z "$FW_SYSCTL_PATHS" ]; then + # don't check all available sysctl.d directories for the + # reason discussed in bnc#1044523 + FW_SYSCTL_PATHS="/etc/sysctl.conf /etc/sysctl.d /usr/local/lib/sysctl.d" + fi + + local path + for path in $FW_SYSCTL_PATHS; do + dbgmessage "Checking for sysctl value $value in path $path" + + if [ -d "$path" ]; then + # expand to any config files found in the sysctl.d + # style directory + paths=$path/*.conf + dbgmessage "Expanded $path to $paths" + else + paths=$path + fi + + for file in $paths; do + # check for existence, because the wildcard match + # above might yield no matches, which would result in + # error messages otherwise + if [ -r "$file" ]; then + dbgmessage "Checking in file $file" + is_in_sysctl "$value" "$file" && sysctl_file="$file" && return 0 + dbgmessage "no match" + fi + done + + done + + sysctl_file="" + return 1 +} + +# returns whether the given sysctl setting passed as $1 is found in the sysctl +# style configuration file $2. +# return code of 0 if a value was found, 1 if none was found function is_in_sysctl() { local path="$1" - local sysctl="/etc/sysctl.conf" + local sysctl="$2" # translate the proc path to a sysctl path syspath=`echo "$path" | /usr/bin/cut -d '/' -f 4- | /usr/bin/tr '/' '.'` @@ -593,7 +637,7 @@ function setproc() [ -z "$path" -o ! -w "$path" ] && return - is_in_sysctl $path && dbgmessage "$path override in sysctl.conf, not setting it" && return + is_in_any_sysctl $path && message "$path override in $sysctl_file, not setting it" && return if [ "$MODE" != "debug" ]; then echo "$value" > "$path" diff --git a/SuSEfirewall2.sysconfig b/SuSEfirewall2.sysconfig index 89b588e..9c17ddd 100644 --- a/SuSEfirewall2.sysconfig +++ b/SuSEfirewall2.sysconfig 
@@ -712,7 +712,7 @@ FW_LOG="" # # If you have configured one of these settings in /etc/sysctl.conf then # SuSEfirewall2 won't apply any different value to allow you to override some -# of these settings to your liking. +# of these settings to your liking. Also see FW_SYSCTL_DIRS. # # Tip: Set this to "no" until you have verified that you have got a # configuration which works for you. Then set this to "yes" and keep it @@ -722,6 +722,18 @@ FW_LOG="" # FW_KERNEL_SECURITY="" +## Type: string +# +# Consider the following sysctl.d style directories and sysctl.conf style +# files before modifying any sysctl values during runtime. If a value is +# already configured in one of these dirs/files then it won't be changed by +# SuSEFirewall any more. +# +# This affects FW_KERNEL_SECURITY settings and forwarding settings for +# FW_ROUTE. If empty this defaults to /etc/sysctl.conf, /etc/sysctl.d, +# /usr/local/lib/sysctl.d.conf. +FW_SYSCTL_PATHS="" + ## Type: yesno # # Whether ip routing should be disabled when the firewall is shut -- 2.12.3
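Review bot: In is_in_any_sysctl() (hunk @@ -561 of SuSEfirewall2), only `value` and `path` are declared local, so `paths` and `file` leak into the script's global scope, and `sysctl_file` is an undocumented global that setproc() reads after the call. Declare `local paths file` and state in the function comment that the matching file name is returned in `sysctl_file`. In the same hunk, the new comment on is_in_sysctl() describes $1 as a sysctl setting, but the body stores it in `path` and translates it from a /proc path with cut and tr; the comment should say that $1 is the /proc path. The first comment line should read "configured values" rather than "configure values".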
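Review bot: In setproc() (hunk @@ -593 of SuSEfirewall2), `$path` is passed unquoted in `is_in_any_sysctl $path`, while is_in_any_sysctl() itself quotes its arguments when calling `is_in_sysctl "$value" "$file"`; use `is_in_any_sysctl "$path"` for consistency. The same line also changes the log call from dbgmessage to message. The commit message does not mention this change; if it is intentional, so that a skipped FW_KERNEL_SECURITY or forwarding setting is visible to the administrator, say so there.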
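Review bot: The reference added to the FW_KERNEL_SECURITY comment (hunk @@ -712 of SuSEfirewall2.sysconfig) names FW_SYSCTL_DIRS, but the variable this patch introduces and the script reads is FW_SYSCTL_PATHS. Change the sentence to "Also see FW_SYSCTL_PATHS." The unchanged context line above it still mentions only /etc/sysctl.conf as the place where an override is honoured, which no longer matches the new default search list.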
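Review bot: The documented default for FW_SYSCTL_PATHS (hunk @@ -722 of SuSEfirewall2.sysconfig) ends with /usr/local/lib/sysctl.d.conf, while is_in_any_sysctl() falls back to "/etc/sysctl.conf /etc/sysctl.d /usr/local/lib/sysctl.d"; the last entry in the comment should be /usr/local/lib/sysctl.d. The comment also lists the defaults separated by commas, whereas the script iterates with `for path in $FW_SYSCTL_PATHS`, which splits on whitespace, so the text should state that entries are separated by spaces. "SuSEFirewall" in the description should be spelled SuSEfirewall2.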