1287286 – Need a way to differentiate which sysctls are per namespace?

Bug 1287286 - Need a way to differentiate which sysctls are per namespace?

Summary: Need a way to differentiate which sysctls are per namespace?

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Kernel Maintainer List
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1287287
TreeView+	depends on / blocked

Reported:	2015-12-01 21:45 UTC by Daniel Walsh
Modified:	2020-08-11 22:17 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Clones:	1287287 (view as bug list)
Environment:
Last Closed:
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Daniel Walsh 2015-12-01 21:45:12 UTC

In Docker we want to allow users to specify container specific sysctls, the problem we have is there is no way to figure out which sysctls are per namespace as opposed to which ones are for the entire system.

We need a way to ask the kernel this, or to pass a flag to say fail to set it if this is a global sysctl.

Comment 1 Neil Horman 2017-12-19 18:00:47 UTC

what about a mount option to hide any sysctls that are not per namespace?

Comment 2 Neil Horman 2017-12-19 18:53:19 UTC

actually, scratch that, theres no real way to differentiate per-namespace vs global sysctls in the kernel.  that information is codified in the code that stores/reads the sysctl data.  I can keep looking at other ways to do this, but there may not be much hope here

Note You need to log in before you can comment on or make changes to this bug.