Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix error on applying the sysctl vars on containers #243

Merged
merged 7 commits into from Dec 19, 2019
Merged

Fix error on applying the sysctl vars on containers #243

merged 7 commits into from Dec 19, 2019

Conversation

ghost
Copy link

@ghost ghost commented Oct 29, 2019

Rework #240

Oleg Kupriyanov and others added 5 commits October 28, 2019 13:08
@rndmh3ro
Copy link
Member

Strange that it fails in travis on Debian 10.. Locally it does not fail for me. :/

@ghost
Copy link
Author

ghost commented Nov 1, 2019

@rndmh3ro How can I try to rebuild failed travis test?

@rndmh3ro
Copy link
Member

rndmh3ro commented Nov 3, 2019

@okupriyanov, by commiting again. :)
I also reran the test manually, still failing. :(

@Wilkes77Ace
Copy link

There is the same bug with LXC containers, you may add the bugfix withing this pull request. ;)

@rndmh3ro
Copy link
Member

rndmh3ro commented Nov 9, 2019

@Wilkes77Ace, you're right!

@okupriyanov, would you mind adding lxc while I figure out why the tests fail?
You can do it like that so the when-condition is easier to read:

      when: ansible_virtualization_type not in ['docker', 'openvz', 'lxc']

Oleg Kupriyanov added 2 commits November 19, 2019 11:35
Add lxc in sysctl exceptions list
f46ac32
Merge branch 'fix-error-on-applying-the-sysctl-vars-on-containers' of…
637b8f8 
… github.com:okupriyanov/ansible-os-hardening into fix-error-on-applying-the-sysctl-vars-on-containers
@ghost
Copy link
Author

ghost commented Nov 19, 2019
edited by ghost
Loading

@rndmh3ro Done.

@rndmh3ro rndmh3ro merged commit 75935cb into dev-sec:master Dec 19, 2019
@rndmh3ro
Copy link
Member

Totally forgot to merge this, sorry!

@ghost ghost deleted the fix-error-on-applying-the-sysctl-vars-on-containers branch December 23, 2019 06:40
@rndmh3ro rndmh3ro added the bug label May 5, 2020
@mibaboo
Copy link

mibaboo commented Jun 1, 2020

Hi ,
Is it possible to have sysctl vars applied to a container? We use a container to test out code.

@rndmh3ro
Copy link
Member

rndmh3ro commented Jun 1, 2020

@mibaboo, sysctl changes kernel parameters. Since container share the kernel of the host you'd effectively modifying the host. That's why sysctl tasks do not run in a container.

@mibaboo
Copy link

mibaboo commented Jun 5, 2020

@rndmh3ro makes sense thank you

divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@rndmh3ro
Fix error on applying the sysctl vars on containers (dev-sec#243)
0814ca4 
* Add exception in sysctl task

No need apply sysctl in docker and openvz containers.

Signed-off-by: Oleg Kupriyanov <[email protected]>

* use block for sysctl tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rndmh3ro @Wilkes77Ace @mibaboo