From f257d983943d6ec2253d50a245cd4810cab45e4b Mon Sep 17 00:00:00 2001
From: cdoern <cdoern@redhat.com>
Date: Mon, 10 Jan 2022 20:25:08 -0500
Subject: Podman Pod Create --sysctl support

added support for pod wide sysctls. The sysctls supported are the same as the continer run controls.

These controls are only valid if the proper namespaces are shared within the pod, otherwise only the infra ctr gets the sysctl

resolves #12747

Signed-off-by: cdoern <cdoern@redhat.com>
---
 test/e2e/pod_create_test.go | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

(limited to 'test')

diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index fab107af8..623377ea1 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -1029,4 +1029,43 @@ ENTRYPOINT ["sleep","99999"]
 		Expect(inspect[0].AppArmorProfile).To(Equal(apparmor.Profile))
 
 	})
+
+	It("podman pod create --sysctl test", func() {
+		SkipIfRootless("Network sysctls are not available root rootless")
+		podCreate := podmanTest.Podman([]string{"pod", "create", "--sysctl", "net.core.somaxconn=65535"})
+		podCreate.WaitWithDefaultTimeout()
+		Expect(podCreate).Should(Exit(0))
+		session := podmanTest.Podman([]string{"run", "--pod", podCreate.OutputToString(), "--rm", ALPINE, "sysctl", "net.core.somaxconn"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("net.core.somaxconn = 65535"))
+
+		// if not sharing the net NS, nothing should fail, but the sysctl should not be passed
+		podCreate = podmanTest.Podman([]string{"pod", "create", "--share", "pid", "--sysctl", "net.core.somaxconn=65535"})
+		podCreate.WaitWithDefaultTimeout()
+		Expect(podCreate).Should(Exit(0))
+		session = podmanTest.Podman([]string{"run", "--pod", podCreate.OutputToString(), "--rm", ALPINE, "sysctl", "net.core.somaxconn"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).NotTo(ContainSubstring("net.core.somaxconn = 65535"))
+
+		// one other misc option
+		podCreate = podmanTest.Podman([]string{"pod", "create", "--sysctl", "kernel.msgmax=65535"})
+		podCreate.WaitWithDefaultTimeout()
+		Expect(podCreate).Should(Exit(0))
+		session = podmanTest.Podman([]string{"run", "--pod", podCreate.OutputToString(), "--rm", ALPINE, "sysctl", "kernel.msgmax"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("kernel.msgmax = 65535"))
+
+		podCreate = podmanTest.Podman([]string{"pod", "create", "--share", "pid", "--sysctl", "kernel.msgmax=65535"})
+		podCreate.WaitWithDefaultTimeout()
+		Expect(podCreate).Should(Exit(0))
+		session = podmanTest.Podman([]string{"run", "--pod", podCreate.OutputToString(), "--rm", ALPINE, "sysctl", "kernel.msgmax"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).NotTo(ContainSubstring("kernel.msgmax = 65535"))
+
+	})
+
 })
-- 
cgit v1.2.3-54-g00ecf