
[atomic-devel] Docker closed sysctl patch.


I added this patch because I remember seeing bugzillas and issues requesting this feature. Docker felt that it was too dangerous to allow users to shoot themselves in the foot with it.

Basically the patch would allow a user to specify specific sysctls to set within a container, before the container got set up. The problem is the kernel does do a good job of identifying whether the sysctl is namespaced, or changing the sysctl will affect the entire system. The problem with closing it is that we continue to have no way of ever setting a container sysctl before pid 1 gets started in the container. Docker did suggest that they now support docker exec --privileged to exec a shell into a container which could set the sysctl, but of course this would only be possible after the container was started.

If you know of use cases that this was a show stopper for, we need to
know what they are.
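As an added illustration (not code from the post, nor from the Docker or Atomic projects) of the kind of guard such a "set sysctls before pid 1" feature needs: a POSIX sh wrapper that accepts key=value sysctl specs, refuses any key that is not under a prefix assumed to be container-namespaced, and only then emits the sysctl commands a wrapper entrypoint would run before exec'ing the real init. The allowlist of namespaced prefixes is an assumption made for this example, not a kernel interface; the shell itself does not know which keys are safe, which is exactly the gap the post describes.

```shell
#!/bin/sh
# Added example, not from the post or the Docker/Atomic projects.
# Guard for a "set sysctls before pid 1" wrapper entrypoint: only keys
# under prefixes assumed to live in the container's own namespaces are
# applied; anything else would also change the host and is rejected.
# The allowlist below is an assumption for this example, not a kernel API.

# Return 0 if KEY is (assumed) namespaced, 1 otherwise.
is_namespaced_sysctl() {
    case "$1" in
        net.*)                              return 0 ;;  # network namespace
        kernel.shm*|kernel.msg*|kernel.sem) return 0 ;;  # ipc namespace (SysV)
        fs.mqueue.*)                        return 0 ;;  # ipc namespace (POSIX mqueue)
        *)                                  return 1 ;;
    esac
}

# Take "key=value" specs, reject unsafe ones, and print the sysctl
# invocations a wrapper entrypoint would run before exec'ing pid 1.
# Prints nothing and returns 1 if any spec is rejected, so a bad spec
# never half-applies.
plan_sysctls() {
    plan=""
    for spec in "$@"; do
        case "$spec" in
            *=*) ;;
            *) echo "bad spec (expected key=value): $spec" >&2; return 1 ;;
        esac
        key=${spec%%=*}
        val=${spec#*=}
        # Values are restricted to a conservative character set so the
        # generated command line cannot be extended with extra words.
        case "$val" in
            ""|*[!A-Za-z0-9_.:/-]*) echo "bad value: $spec" >&2; return 1 ;;
        esac
        if ! is_namespaced_sysctl "$key"; then
            echo "rejected host-global sysctl: $key" >&2
            return 1
        fi
        plan="${plan}sysctl -w $key=$val
"
    done
    printf '%s' "$plan"
}

# Usage inside a wrapper entrypoint running as the container's pid 1
# (hypothetical; /sbin/init stands in for the real init):
#   plan_sysctls "$@" > /tmp/plan && sh /tmp/plan && exec /sbin/init
```

The value filter is there because the plan is later fed to a shell: without it a spec such as "net.ipv4.ip_forward=1 extra" would smuggle a second word onto the command line. The all-or-nothing return keeps the container from starting with a partially applied sysctl set.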

