[Merge] ~ddstreet/ubuntu/+source/systemd:revert-sysctl-conf-patch into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-impish

Lukas Märdian lukas.maerdian at canonical.com
Mon Aug 2 14:00:23 UTC 2021


Hi Dan! In general this looks good to me and I favor removing delta as much as possible.

Checking the history of this patch, it was introduced in 2017 to set the *.promote_secondaries=1 and *.default_qdisc=fq_codel values, which are the defaults today. (LP: #1721223) – So it's fine keeping those upstream values IMO.

It was then modified in 2019 to explicitly drop upstream's default fs.protected_regular=1 and fs.protected_fifos=1 values. (LP: #1845637) – Checking a current Ubuntu Hirsute system shows:

$ sudo sysctl fs.protected_regular
fs.protected_regular = 2
$ sudo sysctl fs.protected_fifos
fs.protected_fifos = 1

Who sets the fs.protected_regular=2 value (is it the kernel?) – Would upstream systemd's default of fs.protected_regular=1 override this current value, and thus degrade security?

What are your thoughts on this?
-- 
https://code.launchpad.net/~ddstreet/ubuntu/+source/systemd/+git/systemd/+merge/406474



