From c3dabe63c4f5516a5a1380f8ee211c892596e4b7 Mon Sep 17 00:00:00 2001
From: Miha Purg
Date: Mon, 11 Mar 2024 12:49:50 +0100
Subject: [PATCH] Fix bash remediation for sysctl template

The remediation breaks systemd-sysctl when executed multiple times. On first run, settings are correctly added to /etc/sysctl.conf and loaded by systemd-sysctl via the symlink /etc/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf. On second run, the same settings are commented out in /etc/systcl.d/99-sysctl.conf, replacing the symlink with a copy of the file. Although the settings are again added to /etc/sysctl.conf, these are not loaded by systemd-sysctl due to the broken link.

Fixes https://bugs.launchpad.net/usg/+bug/2056150
---
 shared/templates/sysctl/bash.template | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template
index d66b3320638..16678826093 100644
--- a/shared/templates/sysctl/bash.template
+++ b/shared/templates/sysctl/bash.template
@@ -12,12 +12,16 @@ for f in /etc/sysctl.d/*.conf /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.con
 {{% else %}}
 for f in /etc/sysctl.d/*.conf /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf; do
 {{% endif %}}
+
+    # skip systemd-sysctl symlink (/etc/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf)
+    if [[ "$(readlink -f "$f")" == "/etc/sysctl.conf" ]]; then continue; fi
+
     matching_list=$(grep -P '^(?!#).*[\s]*{{{ SYSCTLVAR }}}.*$' $f | uniq )
     if ! test -z "$matching_list"; then
         while IFS= read -r entry; do
             escaped_entry=$(sed -e 's|/|\\/|g' <<< "$entry")
             # comment out "{{{ SYSCTLVAR }}}" matches to preserve user data
-            sed -i "s/^${escaped_entry}$/# &/g" $f
+            sed -i --follow-symlinks "s/^${escaped_entry}$/# &/g" $f
         done <<< "$matching_list"
     fi
 done
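Review bot: The new `sed -i --follow-symlinks` on the last changed line edits the link target instead of replacing the link, which is what the systemd case needs, but it applies to every symlinked drop-in the loop visits, so a `/etc/sysctl.d/*.conf` entry that points at a file under `/usr/lib/sysctl.d` or `/run/sysctl.d` would now have that target rewritten in place rather than the link being broken; whether editing vendor targets is intended is not stated in the hunk, and the `readlink -f` guard only covers the one `/etc/sysctl.conf` case. Both `--follow-symlinks` and `readlink -f` are GNU extensions, so a comment such as `# GNU sed/coreutils: edit through symlinks so /etc/sysctl.d links are not replaced by copies` above the sed line would record the dependency for anyone porting the template to busybox or BSD sed. The rewritten sed line also still passes `$f` unquoted, so the glob result is word-split and re-globbed; `sed -i --follow-symlinks "s/^${escaped_entry}$/# &/g" "$f"` is a drop-in fix, and the same applies to the `grep` line above it. The enclosing `for` loop opens in the `{{% if %}}` branch above the hunk.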