From cebcd2064c6af6ffb0926ce65a9a4fd16e488022 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Oct 07 2014 19:51:56 +0000 Subject: Add bridge configuration --- diff --git a/0505-fedora-add-bridge-sysctl-configuration.patch b/0505-fedora-add-bridge-sysctl-configuration.patch new file mode 100644 index 0000000..d6a1a0e --- /dev/null +++ b/0505-fedora-add-bridge-sysctl-configuration.patch @@ -0,0 +1,87 @@ +From 92f6fa8c02e7721120e712b8cc1d250ce940f51c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 7 Oct 2014 01:49:10 -0400 +Subject: [PATCH] fedora: add bridge sysctl configuration + +Udev rule is added to load those settings when the bridge +module is loaded. + +https://bugzilla.redhat.com/show_bug.cgi?id=634736 +--- + Makefile.am | 8 ++++++-- + rules/.gitignore | 1 + + rules/99-bridge.rules.in | 9 +++++++++ + sysctl.d/50-bridge.conf | 4 ++++ + 4 files changed, 20 insertions(+), 2 deletions(-) + create mode 100644 rules/99-bridge.rules.in + create mode 100644 sysctl.d/50-bridge.conf + +diff --git a/Makefile.am b/Makefile.am +index e52db1793b..41e94575ef 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -445,7 +445,8 @@ CLEANFILES += \ + $(nodist_zshcompletion_DATA) + + dist_sysctl_DATA = \ +- sysctl.d/50-default.conf ++ sysctl.d/50-default.conf \ ++ sysctl.d/50-bridge.conf + + dist_systemunit_DATA = \ + units/graphical.target \ +@@ -3281,7 +3282,8 @@ dist_udevrules_DATA += \ + rules/95-udev-late.rules + + nodist_udevrules_DATA += \ +- rules/99-systemd.rules ++ rules/99-systemd.rules \ ++ rules/99-bridge.rules + + dist_udevhwdb_DATA = \ + hwdb/20-pci-vendor-model.hwdb \ +@@ -3306,10 +3308,12 @@ sharepkgconfig_DATA = \ + + EXTRA_DIST += \ + rules/99-systemd.rules.in \ ++ rules/99-bridge.rules.in \ + src/udev/udev.pc.in + + CLEANFILES += \ + rules/99-systemd.rules \ ++ rules/99-bridge.rules \ + src/udev/udev.pc + + EXTRA_DIST += \ +diff --git a/rules/.gitignore b/rules/.gitignore +index 93a50ddd80..46c7f3ce91 100644 +--- a/rules/.gitignore ++++ b/rules/.gitignore +@@ -1 +1,2 @@ + /99-systemd.rules ++/99-bridge.rules +diff --git a/rules/99-bridge.rules.in b/rules/99-bridge.rules.in +new file mode 100644 +index 0000000000..f46f96bd2e +--- /dev/null ++++ b/rules/99-bridge.rules.in +@@ -0,0 +1,9 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++# Apply sysctl settings to bridges ++ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="@rootlibexecdir@/systemd-sysctl --prefix=/net/bridge" +diff --git a/sysctl.d/50-bridge.conf b/sysctl.d/50-bridge.conf +new file mode 100644 +index 0000000000..b586bf15fa +--- /dev/null ++++ b/sysctl.d/50-bridge.conf +@@ -0,0 +1,4 @@ ++# Disable netfilter on bridges. ++net.bridge.bridge-nf-call-ip6tables = 0 ++net.bridge.bridge-nf-call-iptables = 0 ++net.bridge.bridge-nf-call-arptables = 0 diff --git a/systemd.spec b/systemd.spec index a09b720..a9fa295 100644 --- a/systemd.spec +++ b/systemd.spec @@ -573,6 +573,7 @@ Patch0531: 0531-Update-TODO.patch Patch0532: 0532-proc-sys-prefixes-are-not-necessary-for-sysctl-anymo.patch Patch0533: 0533-core-don-t-allow-enabling-if-unit-is-masked.patch Patch0534: 0534-fedora-disable-resolv.conf-symlink.patch +Patch0535: 0535-fedora-add-bridge-sysctl-configuration.patch # kernel-install patch for grubby, drop if grubby is obsolete @@ -1222,6 +1223,7 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd %{_prefix}/lib/tmpfiles.d/etc.conf %{_prefix}/lib/sysctl.d/50-default.conf %{_prefix}/lib/sysctl.d/50-coredump.conf +%{_prefix}/lib/sysctl.d/50-bridge.conf %{_prefix}/lib/sysusers.d/basic.conf %{_prefix}/lib/sysusers.d/systemd.conf %{_prefix}/lib/systemd/system-preset/85-display-manager.preset