sysctl.d.xml revision 7284335adbb8cb2bc9c11f9e102906da1bf71145
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx<?xml version="1.0"?>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx<!--*-nxml-*-->
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx<!--
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx This file is part of systemd.
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx Copyright 2011 Lennart Poettering
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx systemd is free software; you can redistribute it and/or modify it
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx under the terms of the GNU Lesser General Public License as published by
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx the Free Software Foundation; either version 2.1 of the License, or
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx (at your option) any later version.
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx systemd is distributed in the hope that it will be useful, but
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx WITHOUT ANY WARRANTY; without even the implied warranty of
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx Lesser General Public License for more details.
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx You should have received a copy of the GNU Lesser General Public License
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx along with systemd; If not, see <http://www.gnu.org/licenses/>.
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx-->
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx<refentry id="sysctl.d">
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
1fb799609e09dd1df20777bef567d27059d90202dirkx <refentryinfo>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <title>sysctl.d</title>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <productname>systemd</productname>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
1fb799609e09dd1df20777bef567d27059d90202dirkx <authorgroup>
1fb799609e09dd1df20777bef567d27059d90202dirkx <author>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <contrib>Developer</contrib>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <firstname>Lennart</firstname>
1fb799609e09dd1df20777bef567d27059d90202dirkx <surname>Poettering</surname>
1fb799609e09dd1df20777bef567d27059d90202dirkx <email>lennart@poettering.net</email>
1fb799609e09dd1df20777bef567d27059d90202dirkx </author>
1fb799609e09dd1df20777bef567d27059d90202dirkx </authorgroup>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx </refentryinfo>
1fb799609e09dd1df20777bef567d27059d90202dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <refmeta>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <refentrytitle>sysctl.d</refentrytitle>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <manvolnum>5</manvolnum>
1fb799609e09dd1df20777bef567d27059d90202dirkx </refmeta>
cf3b56dc9c3033d7b20a3198b11865c1b311b6b4dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <refnamediv>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <refname>sysctl.d</refname>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <refpurpose>Configure kernel parameters at boot</refpurpose>
1fb799609e09dd1df20777bef567d27059d90202dirkx </refnamediv>
1fb799609e09dd1df20777bef567d27059d90202dirkx
1fb799609e09dd1df20777bef567d27059d90202dirkx <refsynopsisdiv>
1fb799609e09dd1df20777bef567d27059d90202dirkx <para><filename>/etc/sysctl.d/*.conf</filename></para>
1fb799609e09dd1df20777bef567d27059d90202dirkx <para><filename>/run/sysctl.d/*.conf</filename></para>
1fb799609e09dd1df20777bef567d27059d90202dirkx <para><filename>/usr/lib/sysctl.d/*.conf</filename></para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx </refsynopsisdiv>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <refsect1>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <title>Description</title>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <para>At boot,
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx reads configuration files from the above directories
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx to configure
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <citerefentry><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
1fb799609e09dd1df20777bef567d27059d90202dirkx kernel parameters.</para>
1fb799609e09dd1df20777bef567d27059d90202dirkx </refsect1>
1fb799609e09dd1df20777bef567d27059d90202dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <refsect1>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <title>Configuration Format</title>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <para>The configuration files contain a list of
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx variable assignments, separated by newlines. Empty
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx lines and lines whose first non-whitespace character
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx is <literal>#</literal> or <literal>;</literal> are
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx ignored.</para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <para>Each configuration file shall be named in the
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx style of <filename><replaceable>program</replaceable>.conf</filename>.
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx Files in <filename>/etc/</filename> override files
cf3b56dc9c3033d7b20a3198b11865c1b311b6b4dirkx with the same name in <filename>/usr/lib/</filename>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx and <filename>/run/</filename>. Files in
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <filename>/run/</filename> override files with the same
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx name in <filename>/usr/lib/</filename>. Packages
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx should install their configuration files in
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <filename>/usr/lib/</filename>. Files in
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <filename>/etc/</filename> are reserved for the local
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx administrator, who may use this logic to override the
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx configuration files installed by vendor packages. All
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx configuration files are sorted by their filename in
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx lexicographic order, regardless of which of the
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx directories they reside in. If multiple files specify the
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx same variable name, the entry in the file with the
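c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx lexicographically latest name will be applied. The directory precedence described above only applies between files with the same name: an assignment in <filename>/etc/</filename> is still superseded by the same variable set in a later-sorting, differently named file in <filename>/run/</filename> or <filename>/usr/lib/</filename>. It is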
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx recommended to prefix all filenames with a two-digit
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx number and a dash, to simplify the ordering of the
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx files.</para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <para>Note that either <literal>/</literal> or
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <literal>.</literal> may be used as separators within
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx sysctl variable names. If the first separator is a
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx slash, remaining slashes and dots are left intact. If
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx the first separator is a dot, dots and slashes are
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx interchanged. <literal>kernel.domainname=foo</literal>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx and <literal>kernel/domainname=foo</literal> are
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx equivalent and will cause <literal>foo</literal> to
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx be written to
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <filename>/proc/sys/kernel/domainname</filename>.
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx Either
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <literal>net.ipv4.conf.enp3s0/200.forwarding</literal>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx or
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <literal>net/ipv4/conf/enp3s0.200/forwarding</literal>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx may be used to refer to
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <filename>/proc/sys/net/ipv4/conf/enp3s0.200/forwarding</filename>.
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx </para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <para>If the administrator wants to disable a
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx configuration file supplied by the vendor, the
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx recommended way is to place a symlink to
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <filename>/dev/null</filename> in
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <filename>/etc/sysctl.d/</filename> bearing the
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx same filename.</para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <para>The settings configured with
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <filename>sysctl.d</filename> files will be applied
1fb799609e09dd1df20777bef567d27059d90202dirkx early on boot. The network interface-specific options
1fb799609e09dd1df20777bef567d27059d90202dirkx will also be applied individually for each network
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx interface as it shows up in the system. (More
1fb799609e09dd1df20777bef567d27059d90202dirkx specifically,
1fb799609e09dd1df20777bef567d27059d90202dirkx <filename>net.ipv4.conf.*</filename>,
1fb799609e09dd1df20777bef567d27059d90202dirkx <filename>net.ipv6.conf.*</filename>,
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <filename>net.ipv4.neigh.*</filename> and <filename>net.ipv6.neigh.*</filename>).</para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
1fb799609e09dd1df20777bef567d27059d90202dirkx <para>Many sysctl parameters only become available
1fb799609e09dd1df20777bef567d27059d90202dirkx when certain kernel modules are loaded. Modules are
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx usually loaded on demand, e.g. when certain hardware
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx is plugged in or network brought up. This means that
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> which runs
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx during early boot will not configure such parameters
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx if they become available after it has run. To
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx set such parameters, it is recommended to add
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx a <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry> rule to set those parameters when they become
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx available. Alternatively, a slightly simpler and
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx less efficient option is to add the module to
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <citerefentry><refentrytitle>modules-load.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, causing it to be loaded statically
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx before sysctl settings are applied (see
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx example below).</para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx </refsect1>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
1fb799609e09dd1df20777bef567d27059d90202dirkx <refsect1>
1fb799609e09dd1df20777bef567d27059d90202dirkx <title>Examples</title>
1fb799609e09dd1df20777bef567d27059d90202dirkx <example>
1fb799609e09dd1df20777bef567d27059d90202dirkx <title>Set kernel YP domain name</title>
1fb799609e09dd1df20777bef567d27059d90202dirkx <para><filename>/etc/sysctl.d/domain-name.conf</filename>:
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx </para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <programlisting>kernel.domainname=example.com</programlisting>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx </example>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <example>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <title>Disable packet filter on the bridge</title>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <para><filename>/etc/modules-load.d/bridge.conf</filename>:
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx </para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <programlisting>bridge</programlisting>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
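c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <para>The settings below stop bridged IPv6, IPv4 and ARP traffic from being passed to ip6tables, iptables and arptables, so rules in those tables no longer filter frames forwarded across the bridge.</para> <para><filename>/etc/sysctl.d/bridge.conf</filename>: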
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx </para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <programlisting>net.bridge.bridge-nf-call-ip6tables = 0
1fb799609e09dd1df20777bef567d27059d90202dirkxnet.bridge.bridge-nf-call-iptables = 0
1fb799609e09dd1df20777bef567d27059d90202dirkxnet.bridge.bridge-nf-call-arptables = 0
1fb799609e09dd1df20777bef567d27059d90202dirkx</programlisting>
1fb799609e09dd1df20777bef567d27059d90202dirkx </example>
1fb799609e09dd1df20777bef567d27059d90202dirkx </refsect1>
1fb799609e09dd1df20777bef567d27059d90202dirkx
1fb799609e09dd1df20777bef567d27059d90202dirkx <refsect1>
1fb799609e09dd1df20777bef567d27059d90202dirkx <title>See Also</title>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1fb799609e09dd1df20777bef567d27059d90202dirkx <citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1fb799609e09dd1df20777bef567d27059d90202dirkx <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1fb799609e09dd1df20777bef567d27059d90202dirkx <citerefentry><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <citerefentry><refentrytitle>sysctl.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx <citerefentry><refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum></citerefentry>
00d6521b902bb0b381f3ffe7eff44f7978497e5cdirkx </para>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx </refsect1>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx</refentry>
c002c44ee5c7e7258f4ba5c162461c24a0c179c2dirkx