Allow setting Linux kernel parameters (sysctl) via settings

GLOSSARY.md

@@ -4,6 +4,7 @@
 * [**bork**](sources/api/bork): A setting generator called by sundog to generate the random seed for updog, determining where the host falls in the update order.
 * [**buildsys**](tools/buildsys): A build tool that runs package and image builds inside containers.
   cargo-make starts the build of each package, each of which calls buildsys, which in turn starts a Docker-based build using the SDK image.
+* [**corndog**](sources/api/corndog): A program that sets kernel sysctl values based on API settings.
 * [**early-boot-config**](sources/api/early-boot-config): A program run at boot to read platform-specific data, such as EC2 user data, and send requested configuration to the API.
 * **gptprio:** A structure of bits in GPT partition headers that specifies priority, tries remaining, and whether the partition booted successfully before.
   signpost sets these and GRUB uses them to determine which partition set to boot.

README.md

@@ -348,6 +348,18 @@ These settings can be changed at any time.
 
 * `settings.ntp.time-servers`: A list of NTP servers used to set and verify the system time.
 
+#### Kernel settings
+
+* `settings.kernel.sysctl`: Key/value pairs representing Linux kernel parameters.
+  Remember to quote keys (since they often contain ".") and to quote all values.
+  * Example user data for setting up sysctl:
+    ```
+    [settings.kernel.sysctl]
+    "user.max_user_namespaces" = "16384"
+    "vm.max_map_count" = "262144"
+    ```
+
+
 #### Host containers settings
 * `settings.host-containers.admin.source`: The URI of the [admin container](#admin-container).
 * `settings.host-containers.admin.enabled`: Whether the admin container is enabled.

packages/os/os.spec

@@ -77,6 +77,12 @@ Summary: Dynamic setting generator for updog
 %description -n %{_cross_os}bork
 %{summary}.
 
+%package -n %{_cross_os}corndog
+Summary: Bottlerocket sysctl helper
+Requires: %{_cross_os}apiserver = %{version}-%{release}
+%description -n %{_cross_os}corndog
+%{summary}.
+
 %package -n %{_cross_os}schnauzer
 Summary: Setting generator for templated settings values.
 %description -n %{_cross_os}schnauzer
@@ -185,6 +191,7 @@ mkdir bin
     -p updog \
     -p logdog \
     -p growpart \
+    -p corndog \
 %if "%{_cross_variant}" == "aws-ecs-1"
     -p ecs-settings-applier \
 %endif
@@ -203,7 +210,7 @@ done
 install -d %{buildroot}%{_cross_bindir}
 for p in \
   apiserver \
-  early-boot-config netdog sundog schnauzer pluto bork \
+  early-boot-config netdog sundog schnauzer pluto bork corndog \
   thar-be-settings thar-be-updates servicedog host-containers \
   storewolf settings-committer \
   migrator \
@@ -287,6 +294,9 @@ install -p -m 0644 %{S:202} %{buildroot}%{_cross_tmpfilesdir}/thar-be-updates.co
 %files -n %{_cross_os}netdog
 %{_cross_bindir}/netdog
 
+%files -n %{_cross_os}corndog
+%{_cross_bindir}/corndog
+
 %files -n %{_cross_os}sundog
 %{_cross_bindir}/sundog
 %{_cross_unitdir}/sundog.service

packages/release/release.spec

@@ -48,6 +48,7 @@ Requires: %{_cross_os}bork
 Requires: %{_cross_os}early-boot-config
 Requires: %{_cross_os}schnauzer
 Requires: %{_cross_os}netdog
+Requires: %{_cross_os}corndog
 Requires: %{_cross_os}selinux-policy
 Requires: %{_cross_os}policycoreutils
 Requires: %{_cross_os}signpost