make utmp/wtmp support configurable
[elogind.git] / man / sysctl.d.xml
1 <?xml version="1.0"?>
2 <!--*-nxml-*-->
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4 <!--
5   This file is part of systemd.
6
7   Copyright 2011 Lennart Poettering
8
9   systemd is free software; you can redistribute it and/or modify it
10   under the terms of the GNU Lesser General Public License as published by
11   the Free Software Foundation; either version 2.1 of the License, or
12   (at your option) any later version.
13
14   systemd is distributed in the hope that it will be useful, but
15   WITHOUT ANY WARRANTY; without even the implied warranty of
16   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17   Lesser General Public License for more details.
18
19   You should have received a copy of the GNU Lesser General Public License
20   along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 -->
22 <refentry id="sysctl.d">
23
24         <refentryinfo>
25                 <title>sysctl.d</title>
26                 <productname>systemd</productname>
27
28                 <authorgroup>
29                         <author>
30                                 <contrib>Developer</contrib>
31                                 <firstname>Lennart</firstname>
32                                 <surname>Poettering</surname>
33                                 <email>lennart@poettering.net</email>
34                         </author>
35                 </authorgroup>
36         </refentryinfo>
37
38         <refmeta>
39                 <refentrytitle>sysctl.d</refentrytitle>
40                 <manvolnum>5</manvolnum>
41         </refmeta>
42
43         <refnamediv>
44                 <refname>sysctl.d</refname>
45                 <refpurpose>Configure kernel parameters at boot</refpurpose>
46         </refnamediv>
47
48         <refsynopsisdiv>
49                 <para><filename>/etc/sysctl.d/*.conf</filename></para>
50                 <para><filename>/run/sysctl.d/*.conf</filename></para>
51                 <para><filename>/usr/lib/sysctl.d/*.conf</filename></para>
52         </refsynopsisdiv>
53
54         <refsect1>
55                 <title>Description</title>
56
57                 <para>At boot,
58                 <citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
59                 reads configuration files from the above directories
60                 to configure
61                 <citerefentry><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
62                 kernel parameters.</para>
63         </refsect1>
64
65         <refsect1>
66                 <title>Configuration Format</title>
67
68                 <para>The configuration files contain a list of
69                 variable assignments, separated by newlines. Empty
70                 lines and lines whose first non-whitespace character
71                 is <literal>#</literal> or <literal>;</literal> are
72                 ignored.</para>
73
74                 <para>Each configuration file shall be named in the
75                 style of <filename><replaceable>program</replaceable>.conf</filename>.
76                 Files in <filename>/etc/</filename> override files
77                 with the same name in <filename>/usr/lib/</filename>
78                 and <filename>/run/</filename>.  Files in
79                 <filename>/run/</filename> override files with the same
80                 name in <filename>/usr/lib/</filename>. Packages
81                 should install their configuration files in
82                 <filename>/usr/lib/</filename>. Files in
83                 <filename>/etc/</filename> are reserved for the local
84                 administrator, who may use this logic to override the
85                 configuration files installed by vendor packages. All
86                 configuration files are sorted by their filename in
87                 lexicographic order, regardless of which of the
88                 directories they reside in. If multiple files specify the
89                 same variable name, the entry in the file with the
90                 lexicographically latest name will be applied. It is
91                 recommended to prefix all filenames with a two-digit
92                 number and a dash, to simplify the ordering of the
93                 files.</para>
94
95                 <para>Note that either <literal>/</literal> or
96                 <literal>.</literal> may be used as separators within
97                 sysctl variable names. If the first separator is a
98                 slash, remaining slashes and dots are left intact. If
99                 the first separator is a dot, dots and slashes are
100                 interchanged. <literal>kernel.domainname=foo</literal>
101                 and <literal>kernel/domainname=foo</literal> are
102                 equivalent and will cause <literal>foo</literal> to
103                 be written to
104                 <filename>/proc/sys/kernel/domainname</filename>.
105                 Either
106                 <literal>net.ipv4.conf.enp3s0/200.forwarding</literal>
107                 or
108                 <literal>net/ipv4/conf/enp3s0.200/forwarding</literal>
109                 may be used to refer to
110                 <filename>/proc/sys/net/ipv4/conf/enp3s0.200/forwarding</filename>.
111                 </para>
112
113                 <para>If the administrator wants to disable a
114                 configuration file supplied by the vendor, the
115                 recommended way is to place a symlink to
116                 <filename>/dev/null</filename> in
117                 <filename>/etc/sysctl.d/</filename> bearing the
118                 same filename.</para>
119
120                 <para>The settings configured with
121                 <filename>sysctl.d</filename> files will be applied
122                 early during boot. The network interface-specific options
123                 will also be applied individually for each network
124                 interface as it shows up in the system (more
125                 specifically, this covers
126                 <filename>net.ipv4.conf.*</filename>,
127                 <filename>net.ipv6.conf.*</filename>,
128                 <filename>net.ipv4.neigh.*</filename> and <filename>net.ipv6.neigh.*</filename>).</para>
129
130                 <para>Many sysctl parameters only become available
131                 when certain kernel modules are loaded. Modules are
132                 usually loaded on demand, e.g. when certain hardware
133                 is plugged in or a network is brought up. This means that
134                 <citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, which runs
135                 during early boot, will not configure such parameters
136                 if they become available after it has run. To
137                 set such parameters, it is recommended to add
138                 a <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry> rule to set those parameters when they become
139                 available. Alternatively, a slightly simpler but
140                 less efficient option is to add the module to
141                 <citerefentry><refentrytitle>modules-load.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, causing it to be loaded statically
142                 before sysctl settings are applied (see
143                 example below).</para>
144         </refsect1>
145
146         <refsect1>
147                 <title>Examples</title>
148                 <example>
149                         <title>Set kernel YP domain name</title>
150                         <para><filename>/etc/sysctl.d/domain-name.conf</filename>:
151                         </para>
152
153                         <programlisting>kernel.domainname=example.com</programlisting>
154                 </example>
155
156                 <example>
157                         <title>Disable packet filter on bridged packets (method one)</title>
158                         <para><filename>/etc/udev/rules.d/99-bridge.rules</filename>:
159                         </para>
160
161                         <programlisting>ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
162 </programlisting>
163
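164                         <para><filename>/etc/sysctl.d/bridge.conf</filename> (note that with these values bridged packets are no longer passed to the iptables, ip6tables and arptables rules, so any filtering of bridged traffic has to be set up separately):
165                         </para>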
166
167                         <programlisting>net.bridge.bridge-nf-call-ip6tables = 0
168 net.bridge.bridge-nf-call-iptables = 0
169 net.bridge.bridge-nf-call-arptables = 0
170 </programlisting>
171                 </example>
172
173                 <example>
174                         <title>Disable packet filter on bridged packets (method two)</title>
175                         <para><filename>/etc/modules-load.d/bridge.conf</filename>:
176                         </para>
177
178                         <programlisting>bridge</programlisting>
179
180                         <para><filename>/etc/sysctl.d/bridge.conf</filename>:
181                         </para>
182
183                         <programlisting>net.bridge.bridge-nf-call-ip6tables = 0
184 net.bridge.bridge-nf-call-iptables = 0
185 net.bridge.bridge-nf-call-arptables = 0
186 </programlisting>
187                 </example>
188         </refsect1>
189
190         <refsect1>
191                 <title>See Also</title>
192                 <para>
193                         <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
194                         <citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
195                         <citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
196                         <citerefentry><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
197                         <citerefentry><refentrytitle>sysctl.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
198                         <citerefentry><refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum></citerefentry>
199                 </para>
200         </refsect1>
201
202 </refentry>