Description
It seems that, when starting a container via runsc run from an OCI specification file, sysctl options in the specification file won't take effect inside the container.
Steps to reproduce
Make a rootfs directory and unpack a debian-slim image into it:
mkdir bundle && cd bundle && mkdir --mode=0755 rootfs
docker export $(docker create debian:bullseye-slim) | sudo tar -xf - -C rootfs --same-owner --same-permissions
Create a simple script in rootfs to dump a sysctl setting:
$ cat rootfs/test_script
#!/bin/bash
cat /proc/sys/net/ipv4/tcp_keepalive_time
Generate a config.json: runsc spec -- /test_script
Add the following to the "linux" block of the config:
"sysctl":{
"net.ipv4.tcp_keep_alive_time": "1000"
}
Then sudo runsc run test_script will show a value of 7200, not 1000.
runsc version
runsc version 40a09da5a1ab
spec: 1.1.0-rc.1
docker version (if using docker)
No response
uname
Linux 5.15.0-101.103.2.1.el9uek.x86_64 #2 SMP Tue May 2 01:10:45 PDT 2023 x86_64 x86_64 x86_64 GNU/Linux
kubectl (if using Kubernetes)
No response
repo state (if built from source)
No response
runsc debug logs (if available)
No response
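
An added example, not part of the original report or of gVisor: a Python check that reads the linux.sysctl map from an OCI config.json and compares every entry with its file under /proc/sys, which the reproduction above does by hand for one key. It assumes Python 3 is available where it runs (inside the container, to see the sandbox's view); check_sysctls, sysctl_path and demo are hypothetical names, and demo() works on constructed values in a temporary directory.

```python
import json
import sys
import tempfile
from pathlib import Path


def sysctl_path(key, proc_sys="/proc/sys"):
    """Map a sysctl key such as net.ipv4.foo to its file under proc_sys."""
    # Keys use '.' as separator; names that themselves contain dots are not handled.
    return Path(proc_sys).joinpath(*key.split("."))


def check_sysctls(config_path, proc_sys="/proc/sys"):
    """Return {key: (status, expected, actual)} for every linux.sysctl entry."""
    spec = json.loads(Path(config_path).read_text())
    wanted = (spec.get("linux") or {}).get("sysctl") or {}
    report = {}
    for key, expected in wanted.items():
        try:
            # Multi-value sysctls are whitespace separated; normalise before comparing.
            actual = " ".join(sysctl_path(key, proc_sys).read_text().split())
        except FileNotFoundError:
            report[key] = ("missing", expected, None)  # no such file for this key
            continue
        same = actual == " ".join(str(expected).split())
        report[key] = ("ok" if same else "mismatch", expected, actual)
    return report


def demo():
    """Constructed sample: the spec asks for 1000, the fake tree holds 7200."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        leaf = root / "proc_sys" / "net" / "ipv4" / "tcp_keepalive_time"
        leaf.parent.mkdir(parents=True)
        leaf.write_text("7200\n")
        spec = {"linux": {"sysctl": {
            "net.ipv4.tcp_keepalive_time": "1000",  # file exists, value differs
            "net.ipv4.no_such_key": "1",            # constructed key with no file
        }}}
        (root / "config.json").write_text(json.dumps(spec))
        return check_sysctls(root / "config.json", root / "proc_sys")


if __name__ == "__main__":
    # With a path argument, check that config.json against the live /proc/sys.
    results = check_sysctls(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for key, (status, expected, actual) in sorted(results.items()):
        print(f"{status:8} {key} expected={expected!r} actual={actual!r}")
```

A "missing" result means the key in the spec has no corresponding file under /proc/sys in the environment being checked, which is distinct from a value that was present but not applied.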