proxmox-mirrors/systemd
1
0
Fork 0
mirror of https://git.proxmox.com/git/systemd synced 2025-05-29 15:29:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e735f4d4ea
systemd/man/sysctl.d.html
Martin Pitt e735f4d4ea Imported Upstream version 219
2015-02-17 11:22:16 +01:00

103 lines
8.9 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>sysctl.d</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
a.headerlink {
color: #c60f0f;
font-size: 0.8em;
padding: 0 4px 0 4px;
text-decoration: none;
visibility: hidden;
}
a.headerlink:hover {
background-color: #c60f0f;
color: white;
}
h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
visibility: visible;
}
</style><a href="index.html">Index </a>·
<a href="systemd.directives.html">Directives </a>·
<a href="../python-systemd/index.html">Python </a>·
<a href="../libudev/index.html">libudev </a>·
<a href="../libudev/index.html">gudev </a><span style="float:right">systemd 219</span><hr><div class="refentry"><a name="sysctl.d"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>sysctl.d — Configure kernel parameters at boot</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">/etc/sysctl.d/*.conf</code></p><p><code class="filename">/run/sysctl.d/*.conf</code></p><p><code class="filename">/usr/lib/sysctl.d/*.conf</code></p></div><div class="refsect1"><a name="idm139898326523312"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description"></a></h2><p>At boot,
<a href="systemd-sysctl.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-sysctl.service</span>(8)</span></a>
reads configuration files from the above directories to configure
<a href="sysctl.html"><span class="citerefentry"><span class="refentrytitle">sysctl</span>(8)</span></a>
kernel parameters.</p></div><div class="refsect1"><a name="idm139898326520464"></a><h2 id="Configuration Format">Configuration Format<a class="headerlink" title="Permalink to this headline" href="#Configuration%20Format"></a></h2><p>The configuration files contain a list of variable
assignments, separated by newlines. Empty lines and lines whose
first non-whitespace character is "<code class="literal">#</code>" or
"<code class="literal">;</code>" are ignored.</p><p>Note that either "<code class="literal">/</code>" or
"<code class="literal">.</code>" may be used as separators within sysctl
variable names. If the first separator is a slash, remaining
slashes and dots are left intact. If the first separator is a dot,
dots and slashes are interchanged.
"<code class="literal">kernel.domainname=foo</code>" and
"<code class="literal">kernel/domainname=foo</code>" are equivalent and will
cause "<code class="literal">foo</code>" to be written to
<code class="filename">/proc/sys/kernel/domainname</code>. Either
"<code class="literal">net.ipv4.conf.enp3s0/200.forwarding</code>" or
"<code class="literal">net/ipv4/conf/enp3s0.200/forwarding</code>" may be used
to refer to
<code class="filename">/proc/sys/net/ipv4/conf/enp3s0.200/forwarding</code>.
</p><p>The settings configured with <code class="filename">sysctl.d</code>
files will be applied early on boot. The network
interface-specific options will also be applied individually for
each network interface as it shows up in the system. (More
specifically, <code class="filename">net.ipv4.conf.*</code>,
<code class="filename">net.ipv6.conf.*</code>,
<code class="filename">net.ipv4.neigh.*</code> and
<code class="filename">net.ipv6.neigh.*</code>).</p><p>Many sysctl parameters only become available when certain
kernel modules are loaded. Modules are usually loaded on demand,
e.g. when certain hardware is plugged in or network brought up.
This means that
<a href="systemd-sysctl.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-sysctl.service</span>(8)</span></a>
which runs during early boot will not configure such parameters if
they become available after it has run. To set such parameters, it
is recommended to add an
<a href="udev.html"><span class="citerefentry"><span class="refentrytitle">udev</span>(7)</span></a>
rule to set those parameters when they become available.
Alternatively, a slightly simpler and less efficient option is to
add the module to
<a href="modules-load.d.html"><span class="citerefentry"><span class="refentrytitle">modules-load.d</span>(5)</span></a>,
causing it to be loaded statically before sysctl settings are
applied (see example below).</p></div><div class="refsection"><a name="confd"></a><h2>Configuration Directories and Precedence</h2><p>Configuration files are read from directories in
<code class="filename">/etc/</code>, <code class="filename">/run/</code>, and
<code class="filename">/usr/lib/</code>, in order of precedence.
Each configuration file in these configuration directories shall be named in
the style of <code class="filename"><em class="replaceable"><code>filename</code></em>.conf</code>.
Files in <code class="filename">/etc/</code> override files with the same name in
<code class="filename">/run/</code> and <code class="filename">/usr/lib/</code>. Files in
<code class="filename">/run/</code> override files with the same name in
<code class="filename">/usr/lib/</code>.</p><p>Packages should install their configuration files in
<code class="filename">/usr/lib/</code>. Files in <code class="filename">/etc/</code> are
reserved for the local administrator, who may use this logic to override the
configuration files installed by vendor packages. All configuration files
are sorted by their filename in lexicographic order, regardless of which of
the directories they reside in. If multiple files specify the same option,
the entry in the file with the lexicographically latest name will take
precedence. It is recommended to prefix all filenames with a two-digit number
and a dash, to simplify the ordering of the files.</p><p>If the administrator wants to disable a configuration file supplied by
the vendor, the recommended way is to place a symlink to
<code class="filename">/dev/null</code> in the configuration directory in
<code class="filename">/etc/</code>, with the same filename as the vendor
configuration file.</p></div><div class="refsect1"><a name="idm139898330400480"></a><h2 id="Examples">Examples<a class="headerlink" title="Permalink to this headline" href="#Examples"></a></h2><div class="example"><a name="idm139898330399808"></a><p class="title"><b>Example 1. Set kernel YP domain name</b></p><div class="example-contents"><p><code class="filename">/etc/sysctl.d/domain-name.conf</code>:
</p><pre class="programlisting">kernel.domainname=example.com</pre></div></div><br class="example-break"><div class="example"><a name="idm139898330397296"></a><p class="title"><b>Example 2. Disable packet filter on bridged packets (method one)</b></p><div class="example-contents"><p><code class="filename">/etc/udev/rules.d/99-bridge.rules</code>:
</p><pre class="programlisting">ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge"
</pre><p><code class="filename">/etc/sysctl.d/bridge.conf</code>:
</p><pre class="programlisting">net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
</pre></div></div><br class="example-break"><div class="example"><a name="idm139898330392976"></a><p class="title"><b>Example 3. Disable packet filter on bridged packets (method two)</b></p><div class="example-contents"><p><code class="filename">/etc/modules-load.d/bridge.conf</code>:
</p><pre class="programlisting">bridge</pre><p><code class="filename">/etc/sysctl.d/bridge.conf</code>:
</p><pre class="programlisting">net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
</pre></div></div><br class="example-break"></div><div class="refsect1"><a name="idm139898330381280"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also"></a></h2><p>
<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
<a href="systemd-sysctl.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-sysctl.service</span>(8)</span></a>,
<a href="systemd-delta.html"><span class="citerefentry"><span class="refentrytitle">systemd-delta</span>(1)</span></a>,
<a href="sysctl.html"><span class="citerefentry"><span class="refentrytitle">sysctl</span>(8)</span></a>,
<a href="sysctl.conf.html"><span class="citerefentry"><span class="refentrytitle">sysctl.conf</span>(5)</span></a>,
<a href="modprobe.html"><span class="citerefentry"><span class="refentrytitle">modprobe</span>(8)</span></a>
</p></div></div></body></html>
Reference in New Issue View Git Blame Copy Permalink