On Wed, 2017-07-26 at 19:03 +0200, Matteo Croce wrote:
> The following sysctls are global and can't be read or set from a netns:
>
> net.core.rmem_default
> net.core.rmem_max
> net.core.wmem_default
> net.core.wmem_max
>
> Make the following sysctl parameters available from within a network
> namespace, allowing to set unique values per network namespace.
>
> My concern is about the initial value of these sysctls in the newly
> created netns: I'm not sure if it is better to copy them from the init
> namespace or set them to the default values.
>
> Setting them to the default values has the advantage that a new namespace
> behaves like a freshly booted system, while copying them from the init
> netns has the advantage of keeping the current behaviour, as the values
> from the init netns are used.
>
> Signed-off-by: Matteo Croce <mcr...@redhat.com>
> ---
It looks like these sysctls were giving some kind of isolation. If we make them per namespace, a malicious usage could eat all memory and hurt other namespaces.
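The isolation the reply refers to is the clamp that net.core.rmem_max puts on SO_RCVBUF: whatever a process asks for, the kernel stores at most rmem_max (kept internally as twice the clamped value for bookkeeping, which is what getsockopt reports back). The following C program is an added illustration of that check, not code from this thread or from the proposed patch. It assumes a Linux host where /proc/sys/net/core/rmem_max is readable and where creating an AF_INET datagram socket is permitted; the function names are the example's own.

```c
/* Added example, not part of the netdev thread: observe the rmem_max clamp
 * on SO_RCVBUF from an unprivileged process. Linux-only (reads /proc/sys). */
#include <limits.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Read one integer sysctl via /proc/sys, e.g. "net/core/rmem_max".
 * Returns -1 if the file is missing or unreadable (assumed to exist here). */
long read_sysctl(const char *path)
{
    char full[256];
    snprintf(full, sizeof full, "/proc/sys/%s", path);
    FILE *f = fopen(full, "r");
    if (!f)
        return -1;
    long v = -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Request `requested` bytes of receive buffer on a fresh UDP socket and
 * return what the kernel actually granted according to getsockopt(),
 * or -1 on error. SO_RCVBUF (unlike SO_RCVBUFFORCE, which needs
 * CAP_NET_ADMIN in the initial user namespace) is subject to rmem_max. */
long effective_rcvbuf(int requested)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int val = requested;
    socklen_t len = sizeof val;
    long got = -1;
    if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, sizeof val) == 0 &&
        getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) == 0)
        got = val;
    close(fd);
    return got;
}

/* The property the sysctl enforces: an unprivileged socket never ends up
 * with more than rmem_max of requested buffer, even when it asks for
 * INT_MAX. The kernel doubles the clamped value, so the ceiling seen
 * through getsockopt() is 2 * rmem_max.
 * Returns 1 if the clamp held, 0 if it did not, -1 if the environment
 * does not expose the sysctl or refuses the socket. */
int rcvbuf_capped_by_rmem_max(void)
{
    long cap = read_sysctl("net/core/rmem_max");
    long got = effective_rcvbuf(INT_MAX);
    if (cap < 0 || got < 0)
        return -1;
    return got <= 2 * cap;
}

int main(void)
{
    long cap = read_sysctl("net/core/rmem_max");
    printf("rmem_max=%ld requested=%d granted=%ld capped=%d\n",
           cap, INT_MAX, effective_rcvbuf(INT_MAX),
           rcvbuf_capped_by_rmem_max());
    return 0;
}
```

Run as a normal user: the granted value tracks 2 * rmem_max regardless of the request. That clamp is what stands between a process and an unbounded per-socket buffer, and it is applied with capable(CAP_NET_ADMIN) for the FORCE variants, so even root inside a user namespace cannot bypass it today. If the knob became writable per netns, the owner of a user-and-net namespace could raise its own ceiling, which is the cross-namespace memory concern raised in the reply.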