does /etc/sysctl.d/ really obeyed and does really override /etc/sysctl.conf

Lennart Poettering mzerqung at
Fri Mar 16 23:19:35 UTC 2012

On Fri, 16.03.12 14:40, Michal Hlavinka (mhlavink at wrote:

> On 03/16/2012 02:28 PM, Lennart Poettering wrote:
> >On Fri, 16.03.12 14:54, Muayyad AlSadi (alsadi at wrote:
> >
> >>but this does not make sense
> >>
> >>the idea behind all .d is to allow packages to provide default (either
> >>kernel defaults or distro defaults)
> >>because the other choice is to use %post and sed
> >
> >>eg. let's say I made a firewall package that needs to enable
> >>forwarding, it would put it in a sysctl.d
> >
> >If a package places a sysctl file in /etc/sysctl.d/ then you can
> >override it with /etc/sysctl.conf, hence everything is as it should, no?
> >This whole logic is designed so that the admin's configuration always
> >takes precedence over vendor configuration. Which is the right thing to
> >do.
> >
> >That said, note that it's probably a good idea if packages stick their
> >sysctl files in /usr/lib/sysctl.d instead, so that that users can use
> >/etc/sysctl.d/ to override that. /etc/sysctl.conf is read mostly for
> >compatibility reasons only.
> As I understand it, Muayyad has different problem. Right now, the
> /etc/sysctl.conf we ship is not empty. It has several values set,
> one of them is sysrq=0 he used in his example. No one set this is
> value, it's just default value and yet, no package can change it by
> placing its file in /etc/sysctl.d This would work only if
> sysctl.conf is empty and all default configuration is moved to
> /etc/sysctl.d/00-systemdefault.conf

Ah, hmm, I wasn't aware of that. 

I think ideally we'd just change the defaults in our kernel so that we
ship with no default sysctl.conf file. Reconfiguring the kernel defaults
all the time out-of-the-box sounds pretty suboptimal to me.

(That said, if that's really not possible, and we need to keep the file,
we should probaly name it /usr/lib/sysctl.d/00-systemd-default.conf or so)


Lennart Poettering - Red Hat, Inc.

More information about the devel mailing list