unbound-anchor ignores net.ipv6.conf.all.disable_ipv6=1 in /etc/sysctl.conf
Phil Mayers
p.mayers at imperial.ac.uk
Wed Nov 4 11:35:23 UTC 2015
On 04/11/2015 00:32, Robert Edmonds via Unbound-users wrote:
> Paul Wouters via Unbound-users wrote:
>> FYI:
>>
>> rhbz#1231946 - unbound-anchor ignores net.ipv6.conf.all.disable_ipv6=1 in /etc/sysctl.conf
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1231946
>>
>> Paul
>
> Hi, Paul:
>
> I'm a bit confused. unbound-anchor is an ordinary program that uses the
> sockets API, so it should have no reason to read Linux kernel specific
> sysctl's or change behavior based on their values, since sysctl's are
> parameters for the kernel.

Agreed. What's happening here is a user-space attempt to open an
AF_INET6 socket is causing a modprobe, likely because the reporter has
blocked the IPv6 kernel module from loading ("I don't trust IPv6").

They erroneously believe the sysctl would stop this, when all it does is
disable IPv6 on all interfaces - it's nothing to do with application
behaviour or module loading control.

If there's a bug anywhere here, it's in the SELinux policy blocking the
module_request, but I doubt even that.

Trying to force IPv6 to not load on a Linux system causes all sorts of
subtle errors these days, and should not IMHO be a supported use-case.
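
Added example, not part of the original message or of unbound-anchor: a small C diagnostic for the distinction drawn above, comparing whether socket(AF_INET6) succeeds with the value of the disable_ipv6 sysctl. The `classify` helper and its messages are hypothetical; the /proc path is the standard procfs view of net.ipv6.conf.all.disable_ipv6.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define SYSCTL_PATH "/proc/sys/net/ipv6/conf/all/disable_ipv6"

/* Sysctl value, or -1 if unreadable (for example, ipv6 module not loaded). */
int read_disable_ipv6(const char *path)
{
    FILE *f = fopen(path, "r");
    int v = -1;
    if (f) {
        if (fscanf(f, "%d", &v) != 1)
            v = -1;
        fclose(f);
    }
    return v;
}

/* 0 if an AF_INET6 socket can be created, otherwise the errno from socket(). */
int probe_af_inet6(void)
{
    int fd = socket(AF_INET6, SOCK_DGRAM, 0);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Hypothetical helper: turns the two observations into a diagnosis. */
const char *classify(int sock_errno, int sysctl)
{
    if (sock_errno == 0 && sysctl == 1)
        return "socket ok; sysctl only disables IPv6 on interfaces";
    if (sock_errno == 0)
        return "socket ok; IPv6 stack available";
    if (sock_errno == EAFNOSUPPORT)
        return "no AF_INET6 support; module absent or blocked";
    return "socket failed for another reason";
}

int main(void)
{
    int err = probe_af_inet6(), val = read_disable_ipv6(SYSCTL_PATH);
    printf("socket: %s, disable_ipv6=%d\n", err ? strerror(err) : "ok", val);
    puts(classify(err, val));
    return 0;
}
```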