-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.14
-
Low
-
No
-
False
-
-
-
Bug Fix
-
In Progress
-
Description of problem: Not all net.* per-interface sysctls declared safe by TELCOSTRAT-10 / CNF-3642 are implemented in the default cni-sysctl-allowlist.
E.g.
net.ipv6.conf.IFNAME.disable_ipv6,
net.ipv6.conf.IFNAME.disable_policy,
net.ipv4.conf.IFNAME.rp_filter,
net.ipv4.conf.IFNAME.forwarding,
net.ipv4.conf.IFNAME.forwarding,
and possibly others.
Version-Release number of selected component (if applicable): 4.14
How reproducible: Always
Steps to Reproduce:
1. Compare the list of per-interface sysctls declared safe in TELCOSTRAT-10 / CNF-3642 / CNF-4093 Google Doc and Jira comments to the default cni-sysctl-allowlist in the code
Actual results: List of per-interface sysctls declared safe in the default cni-sysctl-allowlist in the code does not match the list in TELCOSTRAT-10 / CNF-3642 / CNF-4093
Expected results: List of per-interface sysctls declared safe in the default cni-sysctl-allowlist in the code should match the list in TELCOSTRAT-10 / CNF-3642 / CNF-4093
Additional info: None
- clones
-
OCPBUGS-29403 Not all net.* per-interface sysctls declared safe by TELCOSTRAT-10 / CNF-3642 are implemented in the default cni-sysctl-allowlist
- ASSIGNED
- links to