Fedora IPv6 testing and improvements - request for ideas
Josef Bacik
josef at toxicpanda.com
Tue Nov 3 17:56:42 UTC 2015
So one thing I would suggest is testing ipv6 only environments. At
Facebook we are running into and fixing a whole host of problems with
NetworkManager, Anaconda, Dracut, etc. because they don't handle ipv6
only very well. It seems that having ipv4 enabled allows things to
work well enough that nobody notices problems with ipv6. Thanks,
Josef
On Tue, Nov 3, 2015 at 12:50 PM, Moez Roy <moez.roy at gmail.com> wrote:
> Hi Pavel Simerda,
>
> The IPv6 updates are breaking stuff (and probably increasing the
> attack surface):
>
> Bug 1231946 - unbound-anchor ignores net.ipv6.conf.all.disable_ipv6=1
> in /etc/sysctl.conf
> https://bugzilla.redhat.com/show_bug.cgi?id=1231946
>
> Bug 1251762 - dnssec-triggerd ignores net.ipv6.conf.all.disable_ipv6=1
> in /etc/sysctl.conf
> https://bugzilla.redhat.com/show_bug.cgi?id=1251762
>
> (maybe other software like avahi also don't remember right now)
>
> You can reproduce this by putting "ipv6.disable=1" in the kernel command line.
>
> Doing 'setsebool -P domain_kernel_load_modules 1' would reduce the
> security provided by SELinux so it is not an option.
>
> Would appreciate fixes please. Thanks.
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
More information about the devel
mailing list