Bug#929469: systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied"

Michael Biebl biebl at debian.org
Wed Jun 19 21:33:21 BST 2019


Hi Raphael,

On Tue, 11 Jun 2019 15:51:14 +0200 Raphael Hertzog <hertzog at debian.org>
wrote:
> Hi,
> 
> On Wed, 05 Jun 2019, Michael Biebl wrote:
> > systemd-networkd.service in v241 is locked down more tightly than v232.
> > It might be worth a try to comment out the hardening features one by one
> > to see if one of them causes your problem.
> 
> Thanks for the idea! I tried that but it did not help. I found the issue
> after a few more tries tweaking the network configuration file. It's
> simply that the system has IPv6 disabled in the kernel policy while the
> .network file instructs to configure an IPv6 address.
> 
> Both are contradictory but they happily lived together up to now.
> I don't know what changed but if we don't improve systemd-networkd
> to just skip IPv6 configuration when the kernel has a policy disabling
> IPv6, then we will have plenty of servers broken on upgrades because
> it's quite common to keep the network configuration file provided by
> the hoster and just disable IPv6 at the kernel level with sysctl:
> 
> $ grep ipv6 /etc/sysctl.conf
> # Disable ipv6
> net.ipv6.conf.all.disable_ipv6 = 1
> net.ipv6.conf.default.disable_ipv6 = 1
> net.ipv6.conf.lo.disable_ipv6 = 1

Ok, thanks for figuring out the root cause.
Given that this only happens under very special circumstances and
networkd not being enabled by default, I'm not entirely sure if this
issue should qualify as RC.
Cherry-picking the 6 upstream commits leads to a merge conflict when
applied on top of v241 and I haven't yet investigated if those can
easily be resolved.
TBH, I feel a bit uneasy doing this change so late in the release cycle
and personally I would downgrade this issue to non-RC and fix this via a
v243 upload to buster-backports.

If you feel strongly about this though, please feel free to ask the release
team if the change is ok. A tested patch set would be great in this case.

Regards,
Michael



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
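
A pre-upgrade check for the conflict described in the thread above, as an added example that is not part of the original mail and is not systemd or Debian code: it flags IPv6 Address=/Gateway= settings in a .network file when sysctl disables IPv6 globally. The function names and the .network sample are assumptions made for illustration, as is treating a disable_ipv6 = 1 on "all" or "default" as applying to the matched interface.

```python
import ipaddress

# From the mail above: the kernel-level IPv6 policy in /etc/sysctl.conf.
SYSCTL_CONF = """\
# Disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
"""

# Constructed sample of a hoster-provided .network file (documentation addresses).
NETWORK_FILE = """\
[Match]
Name=eth0
[Network]
Address=192.0.2.10/24
Address=2001:db8::10/64
Gateway=2001:db8::1
"""

def _assignments(text):
    """Yield (section, key, value) from an ini-like file, keeping repeated keys."""
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and line[0] not in "#;":  # skip comments and blank lines
            key, value = (part.strip() for part in line.split("=", 1))
            yield section, key, value

def ipv6_disabled_scopes(sysctl_text):
    """Return the scopes (all, default, or an interface) with disable_ipv6 = 1."""
    prefix, suffix = "net.ipv6.conf.", ".disable_ipv6"
    return {k[len(prefix):-len(suffix)] for _, k, v in _assignments(sysctl_text)
            if k.startswith(prefix) and k.endswith(suffix) and v == "1"}

def _is_ipv6(value):
    try:
        return ipaddress.ip_interface(value).version == 6
    except ValueError:
        return False  # not a literal address, nothing to flag

def find_conflicts(sysctl_text, network_text):
    """List IPv6 Address=/Gateway= settings that a global disable_ipv6 contradicts."""
    if not {"all", "default"} & ipv6_disabled_scopes(sysctl_text):
        return []
    return [(s, k, v) for s, k, v in _assignments(network_text)
            if s in ("Network", "Address", "Route")
            and k in ("Address", "Gateway") and _is_ipv6(v)]
```

Pass the contents of the sysctl configuration and of each .network file to find_conflicts(); an empty list means no IPv6 setting contradicts the kernel policy.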
