Bug 1287286

Summary: Need a way to differentiate which sysctls are per namespace?
Product: [Fedora] Fedora
Reporter: Daniel Walsh <dwalsh>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: NEW
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, mchehab
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
: 1287287
Type: Bug
Bug Blocks: 1287287

Description Daniel Walsh 2015-12-01 21:45:12 UTC
In Docker we want to allow users to specify container-specific sysctls. The problem we have is that there is no way to figure out which sysctls are per namespace as opposed to which ones are for the entire system.

We need a way to ask the kernel this, or to pass a flag to say fail to set it if this is a global sysctl.

Comment 1 Neil Horman 2017-12-19 18:00:47 UTC
What about a mount option to hide any sysctls that are not per namespace?

Comment 2 Neil Horman 2017-12-19 18:53:19 UTC
Actually, scratch that, there's no real way to differentiate per-namespace vs. global sysctls in the kernel. That information is codified in the code that stores/reads the sysctl data. I can keep looking at other ways to do this, but there may not be much hope here.