Managing Kernel Parameters at Runtime

You can adjust some kernel settings in the running kernel through the virtual file system.

Some virtual files under /proc, and especially under /proc/sys, are writable. You can adjust settings in the running kernel through these files. For example, to change the hostname, you can revise the /proc/sys/kernel/hostname file as follows:

echo www.mydomain.com | sudo tee /proc/sys/kernel/hostname

Other files take binary or Boolean values, such as the setting of IP forwarding, which is defined in /proc/sys/net/ipv4/ip_forward:

cat /proc/sys/net/ipv4/ip_forward
0
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward
1

Use the sysctl command to view or change values under the /proc/sys directory.

Note

Even root can't bypass the file access permissions of virtual file entries under /proc. If you attempt to change the value of a read-only entry such as /proc/partitions, no kernel code exists to service the write() system call.

For more information, see the sysctl(8) and sysctl.d(5) manual pages.

Listing Configurable Kernel Parameters and Values

Use the sysctl command to browse kernel system parameters that are defined in the /proc/sys virtual file system. The following methods of viewing kernel parameters and their values by using the sysctl command are available:

  1. Run sysctl -a to view all available kernel parameters and their values for the running kernel.
    sysctl -a
    kernel.sched_child_runs_first = 0
    kernel.sched_min_granularity_ns = 2000000
    kernel.sched_latency_ns = 10000000
    kernel.sched_wakeup_granularity_ns = 2000000
    kernel.sched_shares_ratelimit = 500000
    ...

    Note

    The delimiter character in the name of a setting is a period (.) rather than a slash (/) in a path relative to /proc/sys, such as net.ipv4.ip_forward. This setting represents net/ipv4/ip_forward. As another example, kernel.msgmax represents kernel/msgmax.

  2. Display an individual setting or a collection of settings by specifying its name as the argument to sysctl.
    sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 0
    For a broader collection of settings, you can specify the name of a collection of settings earlier in the naming hierarchy:
    sysctl net.ipv4.conf.all
    net.ipv4.conf.all.accept_local = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.all.arp_accept = 0
    net.ipv4.conf.all.arp_announce = 0
    net.ipv4.conf.all.arp_filter = 0
    net.ipv4.conf.all.arp_ignore = 0
    net.ipv4.conf.all.arp_notify = 0
    net.ipv4.conf.all.bc_forwarding = 0
    net.ipv4.conf.all.bootp_relay = 0
    net.ipv4.conf.all.disable_policy = 0
    net.ipv4.conf.all.disable_xfrm = 0
    net.ipv4.conf.all.drop_gratuitous_arp = 0
    net.ipv4.conf.all.drop_unicast_in_l2_multicast = 0
    net.ipv4.conf.all.force_igmp_version = 0
    net.ipv4.conf.all.forwarding = 0
    net.ipv4.conf.all.igmpv2_unsolicited_report_interval = 10000
    net.ipv4.conf.all.igmpv3_unsolicited_report_interval = 1000
    net.ipv4.conf.all.ignore_routes_with_linkdown = 0
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.all.mc_forwarding = 0
    net.ipv4.conf.all.medium_id = 0
    net.ipv4.conf.all.promote_secondaries = 0
    net.ipv4.conf.all.proxy_arp = 0
    net.ipv4.conf.all.proxy_arp_pvlan = 0
    net.ipv4.conf.all.route_localnet = 0
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.all.secure_redirects = 1
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.all.shared_media = 1
    net.ipv4.conf.all.src_valid_mark = 0
    net.ipv4.conf.all.tag = 0
    

Updating Kernel Parameters

Use the sysctl command to update kernel system parameters that are defined in the /proc/sys virtual file system.

  1. Use the sysctl -w command to set the value for a kernel parameter.

    For example, to change the value of the net.ipv4.ip_forward setting to enabled, use the following command format:

    sudo sysctl -w net.ipv4.ip_forward=1

    Changes that you make in this way remain in force only until the system is rebooted.

  2. To make configuration changes persist after the system is rebooted, add them to the /etc/sysctl.d directory as a configuration file.

    Any changes that you make to the files in this directory take effect when the system reboots or if you run the sysctl --system command, for example:

    echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/ip_forward.conf
    grep -r ip_forward /etc/sysctl.d
    /etc/sysctl.d/ip_forward.conf:net.ipv4.ip_forward=1
  3. To reset the system to use only the values that are configured to load at boot time, use the sysctl --system command.
    sudo sysctl --system
    * Applying /usr/lib/sysctl.d/00-system.conf ...
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0
    * Applying /usr/lib/sysctl.d/50-default.conf ...
    kernel.sysrq = 16
    kernel.core_uses_pid = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.promote_secondaries = 1
    net.ipv4.conf.all.promote_secondaries = 1
    fs.protected_hardlinks = 1
    fs.protected_symlinks = 1
    * Applying /etc/sysctl.d/99-sysctl.conf ...
    * Applying /etc/sysctl.d/ip_forward.conf ...
    net.ipv4.ip_forward = 1
    * Applying /etc/sysctl.conf ...
    

    Note that any configuration entries that you added to /etc/sysctl.d are read by the system and applied.
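
Because a value set with sysctl -w lasts only until reboot while files in /etc/sysctl.d are applied at boot, the running kernel and the persisted configuration can disagree. The following script is an added example, not part of the original page: it reads the .conf files in one directory, converts each dotted name to its path under /proc/sys, and reports settings whose running value differs. The function names persisted_settings and sysctl_drift are hypothetical, and the script assumes a single configuration directory (it does not read /usr/lib/sysctl.d or /etc/sysctl.conf).

```bash
# Added example (not from the original page): compare persisted sysctl.d
# values with the running kernel. Function names are illustrative.

# persisted_settings DIR: print "key<TAB>value"; last assignment per key wins
persisted_settings() {
    for f in "$1"/*.conf; do
        if [ -f "$f" ]; then cat "$f"; echo; fi
    done | awk '
        /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k)
            sub(/^-/, "", k)                # "-key" means ignore errors
            gsub(/[ \t]+/, " ", v); sub(/^ /, "", v); sub(/ $/, "", v)
            if (!(k in val)) order[++n] = k
            val[k] = v
        }
        END { for (j = 1; j <= n; j++) printf "%s\t%s\n", order[j], val[order[j]] }'
}

# sysctl_drift [CONF_DIR] [PROC_SYS_ROOT]
# Prints one line per mismatch; returns 1 if anything differs or is missing.
sysctl_drift() {
    conf_dir=${1:-/etc/sysctl.d}
    proc_root=${2:-/proc/sys}
    rc=0
    tab=$(printf '\t')
    list=$(persisted_settings "$conf_dir")
    while IFS="$tab" read -r key want; do
        [ -n "$key" ] || continue
        # net.ipv4.ip_forward -> net/ipv4/ip_forward (period becomes slash)
        path=$proc_root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        # Normalize whitespace so multi-value entries compare cleanly
        have=$(tr -s ' \t\n' ' ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key persisted=$want running=$have"; rc=1
        fi
    done <<EOF
$list
EOF
    return $rc
}
```

Run sysctl_drift with no arguments to check /etc/sysctl.d against /proc/sys. A non-zero exit status means at least one persisted setting differs from the running value or has no entry under /proc/sys.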