Currently we load sysctl.conf twice:
- when /etc/rc.d/sysctl runs (fairly early during boot)
- when /etc/rc.d/securelevel runs (fairly late)
/etc/rc.d/kld runs in between. When it loads modules, there is a window
where the system will run with default sysctl values. This causes problems if
startup scripts between rc.d/kld and rc.d/securelevel do anything that
might rely on non-default sysctl values. For example, if rc.d/kld is
used to load an alternate TCP stack, and /etc/sysctl.conf configures a
non-default TCP stack, then sshd will end up using the "wrong" TCP stack
for its listening socket.
In many cases the solution is to use /boot/loader.conf instead, but this
can be awkward in some environments with limited loader(8) support
(e.g., arm64 devices booted using LINUX_BOOT_ABI, or powerpc64 booted
with petitboot). loader.conf is less friendly to automation as well,
for example because sysrc does not really handle it properly.
Since it is easy to reload sysctl.conf when klds are loaded, this change
implements that.