unable to read net.core.rmem_default inside container #42282

Open
psaini79 opened this issue Apr 11, 2021 · 2 comments

Comments

@psaini79

Description

I am running docker/container and set the kernel parameters net.core.rmem_default at the docker host level. However, inside the container, I am unable to access the net.core.rmem_default value set at the host level.

Steps to reproduce the issue:

  1. Modify /etc/sysctl.conf at the docker host level. Save the file and execute sysctl -p.
     net.core.rmem_default = 262144
     net.core.rmem_max = 4194304
    
  2. Create the container:
     docker create -t -i \
       --hostname testc \
       --restart=always \
       --name testc \
       --cap-add=SYS_NICE \
       --cap-add=SYS_RESOURCE \
       --cap-add=NET_ADMIN \
       oracle/linux:7

  3. Log in to the container and check the values:
     sysctl -a | grep rmem_default
    

It returns empty.

Describe the results you received:

Inside the container, the output is empty for sysctl -a | grep rmem

Describe the results you expected:

The container must be able to read the rmem value from the docker host as this parameter cannot be a namespace.

Additional information you deem important (e.g. issue happens only occasionally):
The Linux kernel version 5.4.17-2036.104.5.el7uek
Oracle 7.9

Output of docker version:

Docker version 19.03.11-ol

Output of docker info:

(paste your output here)

Additional environment details (AWS, VirtualBox, physical, etc.):

@thaJeztah
Member

This is likely because the net options are namespaced, in which case they should be passed to the container through the --sysctl flag.

However, there's a (probably still unresolved) issue in the kernel, which causes setting them for the container's namespace to produce an error (see this ticket: #30778).

docker run -it --rm \
    --sysctl net.core.rmem_default=262144 \
    --sysctl net.core.rmem_max=4194304 \
    alpine sh -c 'sysctl -a | grep rmem_'

docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: write sysctl key net.core.rmem_default: open /proc/sys/net/core/rmem_default: no such file or directory: unknown.

Does it work if you restart the docker daemon, and create the container after that? (wondering if it doesn't pick up the changes while the daemon is running)

@psaini79
Author

psaini79 commented Apr 12, 2021

I restarted the docker daemon using the commands systemctl stop docker and systemctl start docker, but it didn't work. Please check the output below:

Docker Host

sysctl -a | grep rmem
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.ipv4.tcp_rmem = 4096	131072	6291456
net.ipv4.udp_rmem_min = 4096

Container

 docker exec -i -t testc /bin/bash
 [root@testc /]# sysctl -a | grep rmem
 net.ipv4.tcp_rmem = 4096	131072	6291456
 sysctl: reading key "net.ipv6.conf.all.stable_secret"
 net.ipv4.udp_rmem_min = 4096
 sysctl: reading key "net.ipv6.conf.default.stable_secret"
 sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
 sysctl: reading key "net.ipv6.conf.lo.stable_secret"
 [root@testc /]# sysctl -a | grep net.core*
 net.core.somaxconn = 4096
 net.core.xfrm_acq_expires = 30
 net.core.xfrm_aevent_etime = 10
 net.core.xfrm_aevent_rseqth = 2
 net.core.xfrm_larval_drop = 1
 sysctl: reading key "net.ipv6.conf.all.stable_secret"
 sysctl: reading key "net.ipv6.conf.default.stable_secret"
 sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
 sysctl: reading key "net.ipv6.conf.lo.stable_secret"
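
An added example, not part of the original thread: a shell helper that compares a `sysctl -a` capture from the host with one from inside the container and lists the keys the container does not expose, which is the condition behind the `open /proc/sys/net/core/rmem_default: no such file or directory` error above. The function names are hypothetical, and the sample captures are copied from the outputs posted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): list sysctl keys that the host exposes
# but the container does not, given a `sysctl -a` capture from each side.

# Print sorted key names from `sysctl -a` output on stdin. Diagnostic lines
# such as `sysctl: reading key "..."` carry no key = value pair and are skipped.
sysctl_keys() {
    awk -F'=' '/^[ \t]*sysctl: / { next }
               NF >= 2 { gsub(/[ \t]/, "", $1); print $1 }' |
        LC_ALL=C sort -u
}

# Usage: missing_in_container HOST_CAPTURE CONTAINER_CAPTURE [KEY_PREFIX]
missing_in_container() {
    prefix=${3:-}
    tmpdir=$(mktemp -d) || return 1
    sysctl_keys < "$1" > "$tmpdir/host"
    sysctl_keys < "$2" > "$tmpdir/ctr"
    # comm -23 keeps lines found only in the first (host) list.
    LC_ALL=C comm -23 "$tmpdir/host" "$tmpdir/ctr" |
        awk -v p="$prefix" 'p == "" || index($0, p) == 1'
    rm -rf "$tmpdir"
}

# Sample captures copied from the `sysctl -a | grep rmem` output in this thread.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/host.txt" <<'EOF'
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.ipv4.tcp_rmem = 4096	131072	6291456
net.ipv4.udp_rmem_min = 4096
EOF
cat > "$sample_dir/container.txt" <<'EOF'
net.ipv4.tcp_rmem = 4096	131072	6291456
sysctl: reading key "net.ipv6.conf.all.stable_secret"
net.ipv4.udp_rmem_min = 4096
sysctl: reading key "net.ipv6.conf.default.stable_secret"
EOF

# Keys under net.core. that the container cannot see.
missing_in_container "$sample_dir/host.txt" "$sample_dir/container.txt" net.core.
```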
