Security and Privacy: Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

31st August 2012, 12:01 PM
Registered User
Join Date: Nov 2010
Posts: 7
modify sysctl.conf on F17
Hello everyone,
I've modified sysctl.conf, and now rebooting F17 gives me this at start-up:
Quote:
Failed to start Apply Kernel Variables
See 'systemctl status systemd-sysctl.service' for details.
Trying systemctl status systemd-sysctl.service gives me:
Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static)
Active: failed (Result: exit-code) since Thu, 30 Aug 2012 17:29:42 +0100; 17h ago
Docs: man:systemd-sysctl.service(8)
man:sysctl.d(5)
Main PID: 669 (code=exited, status=1/FAILURE)
CGroup: name=systemd:/system/systemd-sysctl.service
What has changed for sysctl in F17?
The release notes say nothing about that.
Thanks

31st August 2012, 12:59 PM
Registered User
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,105
Re: modify sysctl.conf on F17
Depends on what you modified. How about showing what it was?

1st September 2012, 11:36 AM
Registered User
Join Date: Nov 2010
Posts: 7
Re: modify sysctl.conf on F17
Here is my sysctl.conf:
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
#Prevent SYN attack
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Modify system limits for Ensim WEBppliance
fs.file-max = 65000
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
# Set maximum amount of memory allocated to shm to 256MB
kernel.shmmax = 268435456
# Improve file system performance
#vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
# Improve virtual memory performance
#vm.buffermem = 90 10 60
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
# Increase the maximum total TCP buffer-space allocatable
net.ipv4.tcp_mem = 57344 57344 65536
# Increase the maximum TCP write-buffer-space allocatable
net.ipv4.tcp_wmem = 32768 65536 524288
# Increase the maximum TCP read-buffer space allocatable
net.ipv4.tcp_rmem = 98304 196608 1572864
# Increase the maximum and default receive socket buffer size
net.core.rmem_max = 524280
net.core.rmem_default = 524280
# Increase the maximum and default send socket buffer size
net.core.wmem_max = 524280
net.core.wmem_default = 524280
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

1st September 2012, 12:13 PM
Registered User
Join Date: Jan 2010
Posts: 4,979
Re: modify sysctl.conf on F17
Please don't take this wrong, but perhaps you should look at http://www.catb.org/esr/faqs/smart-questions.html
Don't you think it's somewhat unreasonable to go through their own config file to see what you changed?
Many people looking through the forum are busy people, and the odds of you getting help are much higher if you save them time with, for example, "I changed this line from X to Y in this file, and now I have this problem. When I changed it back, the problem went away (or didn't). Formerly, I used to make this change without issue."

1st September 2012, 06:17 PM
Administrator
Join Date: Aug 2009
Posts: 6,612
Re: modify sysctl.conf on F17
I don't know what you changed, but even if it loads it, you probably just totally screwed up your TCP/IP performance.
The defaults for the Linux kernel are pretty much the best performing options you are going to get. Go monkeying around with them, you are going to trash your performance unless you know EXACTLY what each one does and what you need to change to improve it.

1st September 2012, 06:41 PM
Registered User
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 5,449
Re: modify sysctl.conf on F17
Looks like he added a whole bunch of stuff. I have the default sysctl.conf and mine is 25 lines long. His starts just like mine until the last three net.bridge.bridge-nf-call-* lines (which were removed), then all the remaining lines are new.

2nd September 2012, 12:33 PM
Registered User
Join Date: Nov 2010
Posts: 7
Re: modify sysctl.conf on F17
Hello,
I've replaced sysctl.conf with the original one that comes with F17, and I have the same problem:
"Failed to start Apply Kernel Variables" at startup
See 'systemctl status systemd-sysctl.service' for details.
systemd-sysctl.service - Apply Kernel Variables
Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static)
Active: failed (Result: exit-code) since Sun, 02 Sep 2012 11:28:15 +0100; 5s ago
Docs: man:systemd-sysctl.service(8)
man:sysctl.d(5)
Process: 2320 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=1/FAILURE)
CGroup: name=systemd:/system/systemd-sysctl.service
So I don't know what to do next?

3rd September 2012, 12:09 AM
Registered User
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,105
Re: modify sysctl.conf on F17
How did you replace it? Does it have the proper security label?

3rd September 2012, 08:17 AM
Registered User
Join Date: Nov 2010
Posts: 7
Re: modify sysctl.conf on F17
Quote:
Originally Posted by jpollard
How did you replace it? Does it have the proper security label?

cp sysctl.conf.old sysctl.conf
ls -Z sysctl.conf :
-rw-r--r--. root root system_u:object_r:system_conf_t:s0 sysctl.conf
Thanks

3rd September 2012, 09:21 AM
Registered User
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 5,449
Re: modify sysctl.conf on F17
What happens if you circumvent systemctl and just do the load manually?
Run
Quote:
sysctl -p /etc/sysctl.conf
as root and see if there's an error.

3rd September 2012, 11:14 PM
Administrator
Join Date: Aug 2009
Posts: 6,612
Re: modify sysctl.conf on F17
Also, look in /etc/sysctl.d/ and make certain you don't have files in there that could have errors in them. They get loaded just like /etc/sysctl.conf does.
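
Added example, not part of the original thread: the last two replies suggest loading the file by hand and checking /etc/sysctl.d/. This shell function checks such files without writing any kernel setting, listing keys that have no file under /proc/sys (for instance a per-interface key for an interface that does not exist on the machine) and keys assigned twice with different values. The names `check_sysctl_files` and `PROC_ROOT` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). For each sysctl config file given, report:
#   - keys with no matching file under /proc/sys
#   - keys assigned more than once with different values (the later one wins)
# PROC_ROOT is a hypothetical override so the check can run against a test tree.
# Usage: sh this_script /etc/sysctl.conf /etc/sysctl.d/*.conf

check_sysctl_files() {
    root=${PROC_ROOT:-/proc/sys}
    tab=$(printf '\t')
    awk '
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }        # blank lines and comments
        {
            eq = index($0, "=")
            if (eq == 0) { printf "E\t%s:%d\tno = sign in line\n", FILENAME, FNR; next }
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val); gsub(/[ \t]+/, " ", val)
            if ((key in seen) && seen[key] != val)
                printf "E\t%s:%d\t%s = %s replaces %s set at %s\n",
                       FILENAME, FNR, key, val, seen[key], at[key]
            seen[key] = val; at[key] = FILENAME ":" FNR
            printf "K\t%s:%d\t%s\n", FILENAME, FNR, key
        }' "$@" | {
        bad=0
        while IFS=$tab read -r kind loc text; do
            if [ "$kind" = K ]; then
                # A sysctl name maps to its /proc/sys path by swapping "." and "/"
                path=$root/$(printf '%s' "$text" | tr './' '/.')
                [ -e "$path" ] && continue
                text="$text: no such key ($path)"
            fi
            printf '%s: %s\n' "$loc" "$text"
            bad=1
        done
        [ "$bad" -eq 0 ]        # exit status 1 if anything was reported
    }
}

if [ "$#" -gt 0 ]; then
    check_sysctl_files "$@"
fi
```

Each reported line gives the file and line number to look at first; the check reads only the config files and tests for the existence of paths under /proc/sys.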