From cbc8efadb4356ec8cfa246e05fef3cd12b80b527 Mon Sep 17 00:00:00 2001
From: James Le Cuirot <jlecuirot@microsoft.com>
Date: Mon, 26 Jan 2026 16:22:38 +0000
Subject: [PATCH] sys-apps/systemd: Rerun sysctl after the sysexts have been
 mounted

It is run early from the initrd, so wait for the sysexts, which may have
additional configuration, before running it again.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
---
 .../coreos-overlay/coreos/config/env/sys-apps/systemd  | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd
index defe7e8d0b..53124d02a8 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd
@@ -173,6 +173,16 @@ After=ensure-sysext.service
 EOF
     )
 
+    (
+        insinto "$(systemd_get_systemunitdir)/systemd-sysctl.service.d"
+        newins - flatcar.conf <<'EOF'
+# sysctl runs early from the initrd, so wait for sysexts with additional
+# configuration to be mounted before running it again.
+[Unit]
+After=ensure-sysext.service
+EOF
+    )
+
     (
         # Allow @mount syscalls for systemd-udevd.service
         insinto "$(systemd_get_systemunitdir)/systemd-udevd.service.d"