Following snapshot 20200914 error "Failed to start Apply Kernel Variables"

Both my TW machines now throw “Failed to start Apply Kernel Variables” error upon boot following snapshot 20200914

From the journal, this appears to be due to:

Sep 16 11:23:54 Orion-15 systemd-sysctl[409]: Couldn't write '"0 2147483647" to' to 'net/ipv4/ping_group_range': Invalid argument
Sep 16 11:23:54 Orion-15 systemd[1]: systemd-sysctl.service: Main process exited, code=exited, status=1/FAILURE
Sep 16 11:23:54 Orion-15 systemd[1]: systemd-sysctl.service: Failed with result 'exit-code'.
Sep 16 11:23:54 Orion-15 systemd[1]: Failed to start Apply Kernel Variables.

Raised a bug report: https://bugzilla.opensuse.org/show_bug.cgi?id=1176592

I was getting the same thing. I removed the quotation marks in

 /usr/lib/sysctl.d/50-default.conf

from the line that contains

net.ipv4.ping_group_range = "0 2147483647"

to

net.ipv4.ping_group_range = 0 2147483647

and everything seems to be working fine.

Yes, it seems this was already known about: https://bugzilla.opensuse.org/show_bug.cgi?id=1174504

However I didn’t find that report when I searched earlier :(…

I did not see that bug report before I came to a same conclusion but well, everyone can miss something.

I’m having this issue, as well. But I used nano to remove the quotes from the specified line in /usr/lib/sysctl.d/50-default.conf, and it doesn’t seem to have fixed the issue.

My error message in the log (via journalctl):

Sep 16 16:01:05 linux-vsbp systemd[1]: Starting Apply Kernel Variables...
Sep 16 16:01:05 linux-vsbp systemd[1]: systemd-sysctl.service: Main process exited, code=exited, status=1/FAILURE
Sep 16 16:01:05 linux-vsbp systemd[1]: systemd-sysctl.service: Failed with result 'exit-code'.
Sep 16 16:01:05 linux-vsbp systemd[1]: Failed to start Apply Kernel Variables.
Sep 16 16:01:05 linux-vsbp systemd-journald[182]: Journal started
Sep 16 16:01:05 linux-vsbp systemd-journald[182]: Runtime Journal (/run/log/journal/5e233e6dd4e445bcb6c29f64293ec9dc) is 8.0M, max 395.5M, 387.5M free.
Sep 16 16:01:05 linux-vsbp systemd-modules-load[183]: Inserted module 'scsi_dh_alua'
Sep 16 16:01:05 linux-vsbp haveged[180]: haveged: command socket is listening at fd 3
Sep 16 16:01:05 linux-vsbp systemd-modules-load[183]: Inserted module 'scsi_dh_emc'
Sep 16 16:01:05 linux-vsbp systemd-modules-load[183]: Inserted module 'scsi_dh_rdac'
Sep 16 16:01:05 linux-vsbp systemd-modules-load[183]: Inserted module 'dm_multipath'
Sep 16 16:01:05 linux-vsbp systemd-modules-load[183]: Inserted module 'sg'
Sep 16 16:01:05 linux-vsbp systemd-sysctl[194]: Couldn't write '"0 2147483647"' to 'net/ipv4/ping_group_range': Invalid argument

My file via sudo nano /usr/lib/sysctl.d/50-default.conf

net.ipv4.ping_group_range = 0 2147483647

How am I still having the error?

And what effect can it have on my system?

I had/have the same issue. In addition to removing quotation marks in 50-default.conf I updated initramfs image and errors disappeared from logs.
In a nutshell, in addition to solution posted by SJLPHI I ran:


sudo mkinitrd

Yes, recompiling is necessary, sorry, I neglected to mention that.

Users may choose to copy file /usr/lib/sysctl.d/50-default.conf to /etc/sysctl.d/50-default.conf and edit the latter. As a bonus systemd-delta lists the changes made:

erlangen:~ # systemd-delta --type overridden 
[OVERRIDDEN] /etc/sysctl.d/50-default.conf → /usr/lib/sysctl.d/50-default.conf

--- /usr/lib/sysctl.d/50-default.conf   2020-09-09 08:49:33.000000000 +0200
+++ /etc/sysctl.d/50-default.conf       2020-09-17 09:49:55.651527076 +0200
@@ -29,7 +29,7 @@
 # bits (bsc#1174504).
 # this only allows users to handle ICMP ECHO REQUESTs and REPLYs, nothing
 # else.
-net.ipv4.ping_group_range = "0 2147483647"
+net.ipv4.ping_group_range = 0 2147483647
 
 # increase the number of possible inotify(7) watches
 fs.inotify.max_user_watches = 65536
...
3 overridden configuration files found.
erlangen:~ # 

Running ‘dracut -f’ completes the fix.

Has this been fixed already upstream or better to wait some days before next zypper dup? Not interested in reviving all TWs right now… :wink:

In progress… 1174504 – AUDIT-0: allow ping and ICMP commands without CAP_NET_RAW

The workaround won’t change how the system behave, only prevent a systemd service to print an error. Ping continues available for all users. I’d suggest you wait until a snapshot fixes it.