Can't parse sysctl.d files correctly.

[jaredmontoya]

Lines 27, 32 and 37 of 50-default.conf all start with a - and they all lead to a Syntax error (see log)
The purpose of - is explained in man 5 sysctl.d

/var/log/tuned/tuned.log

2025-09-25 13:46:05,899 INFO     tuned.plugins.plugin_sysctl: reapplying system sysctl
09-25 13:46:05,900 ERROR    tuned.plugins.plugin_sysctl: Syntax error in file /etc/sysctl.d/50-default.conf, line 27
09-25 13:46:05,900 ERROR    tuned.plugins.plugin_sysctl: Syntax error in file /etc/sysctl.d/50-default.conf, line 32
09-25 13:46:05,900 ERROR    tuned.plugins.plugin_sysctl: Syntax error in file /etc/sysctl.d/50-default.conf, line 37
09-25 13:46:05,900 INFO     tuned.daemon.daemon: static tuning from profile 'throughput-performance' applied

/etc/sysctl.d/50-default.conf

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See sysctl.d(5) and core(5) for documentation.

# To override settings in this file, create a local file in /etc
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
# there.

# System Request functionality of the kernel (SYNC)
#
# Use kernel.sysrq = 1 to allow all keys.
# See https://docs.kernel.org/admin-guide/sysrq.html for a list
# of values and keys.
kernel.sysrq = 16

# Append the PID to the core filename
kernel.core_uses_pid = 1

# Source route verification
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.*.rp_filter = 2
-net.ipv4.conf.all.rp_filter

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.*.accept_source_route = 0
-net.ipv4.conf.all.accept_source_route

# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.*.promote_secondaries = 1
-net.ipv4.conf.all.promote_secondaries

# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
# The upper limit is set to 2^31-1. Values greater than that get rejected by
# the kernel because of this definition in linux/include/net/ping.h:
#   #define GID_T_MAX (((gid_t)~0U) >> 1)
# That's not so bad because values between 2^31 and 2^32-1 are reserved on
# systemd-based systems anyway: https://systemd.io/UIDS-GIDS#summary
-net.ipv4.ping_group_range = 0 2147483647

# Fair Queue CoDel packet scheduler to fight bufferbloat
-net.core.default_qdisc = fq_codel

# Enable hard and soft link protection
fs.protected_hardlinks = 1
fs.protected_symlinks = 1

# Enable regular file and FIFO protection
fs.protected_regular = 1
fs.protected_fifos = 1

[rvl]

I saw the same issue with v2.26.0 and worked around it by setting reapply_sysctl=false in /etc/tuned/tuned-main.conf.

It looks like systemd have implemented syntax for globs and excludes (sysctl.d(5)).

Rather than trying to re-implement this syntax in tuned, would it be possible for tuned to let systemd-sysctl handle it? That is, either run

• systemctl start systemd-sysctl.service, or
• /usr/lib/systemd/systemd-sysctl 05-tuned-pre.conf.

The tuned plugin could drop its sysctl configuration into /run/sysctl.d/05-tuned-pre.conf and/or /run/sysctl.d/95-tuned-post.conf, depending on whether or not the tuned profile settings should take precedence over the system's settings.

[acottre]

Thanks @rvl, that led me to applying this

/etc/systemd/tuned.service.d/override.conf

[Service]
ExecStartPost=/usr/sbin/sysctl --system

This does seem like something tuned should handle though...