From 4226cb4a0217eae359188a53fab9d616d6858b9d Mon Sep 17 00:00:00 2001
From: Furisto <24721048+Furisto@users.noreply.github.com>
Date: Thu, 12 Aug 2021 23:59:27 +0200
Subject: [PATCH] Support sysctl
---
 integration_test.sh | 2 +-
 src/process/init.rs | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/integration_test.sh b/integration_test.sh
index dac099cdf..35967fd68 100755
--- a/integration_test.sh
+++ b/integration_test.sh
@@ -8,7 +8,7 @@ test_cases=("default/default.t"
 "linux_cgroups_devices/linux_cgroups_devices.t" "linux_cgroups_cpus/linux_cgroups_cpus.t" "linux_cgroups_relative_cpus/linux_cgroups_relative_cpus.t" "linux_cgroups_relative_devices/linux_cgroups_relative_devices.t" "linux_cgroups_relative_hugetlb/linux_cgroups_relative_hugetlb.t" "linux_cgroups_relative_memory/linux_cgroups_relative_memory.t" "linux_cgroups_relative_network/linux_cgroups_relative_network.t"
-"linux_cgroups_relative_pids/linux_cgroups_relative_pids.t" "create/create.t" "kill/kill.t" "delete/delete.t" "state/state.t")
+"linux_cgroups_relative_pids/linux_cgroups_relative_pids.t" "create/create.t" "kill/kill.t" "delete/delete.t" "state/state.t" "linux_sysctl/linux_sysctl.t")
 # Record the tests that runc also fails to pass below, maybe we will fix this by origin integration test, issue: https://github.com/containers/youki/issues/56
 # no_paas_test_case=("start/start.t")
 for case in "${test_cases[@]}"; do
diff --git a/src/process/init.rs b/src/process/init.rs
index d68d99518..663de6ed7 100644
--- a/src/process/init.rs
+++ b/src/process/init.rs
@@ -6,6 +6,7 @@ use nix::{
 unistd::{Gid, Uid},
 };
 use oci_spec::Spec;
+use std::collections::HashMap;
 use std::{
 env,
 os::unix::{io::AsRawFd, prelude::RawFd},
@@ -188,6 +189,10 @@ pub fn container_init(args: ContainerInitArgs) -> Result<()> {
 command
 .pivot_rootfs(rootfs)
 .with_context(|| format!("Failed to pivot root to {:?}", rootfs))?;
+
+ if let Some(kernel_params) = &linux.sysctl {
+ sysctl(kernel_params)?;
+ }
 }
 
 if let Some(paths) = &linux.readonly_paths {
@@ -263,6 +268,22 @@ pub fn container_init(args: ContainerInitArgs) -> Result<()> {
 unreachable!();
 }
 
+fn sysctl(kernel_params: &HashMap) -> Result<()> {
+ let sys = PathBuf::from("/proc/sys");
+ for (kernel_param, value) in kernel_params {
+ let path = sys.join(kernel_param.replace(".", "/"));
+ log::debug!(
+ "apply value {} to kernel parameter {}.",
+ value,
+ kernel_param
+ );
+ fs::write(path, value.as_bytes())
+ .with_context(|| format!("failed to set sysctl {}={}", kernel_param, value))?;
+ }
+
+ Ok(())
+}
+
 fn readonly_path(path: &str) -> Result<()> {
 match nix_mount::(
 Some(path),
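Review bot: In the new `sysctl()` the spec-supplied key goes straight into `sys.join(kernel_param.replace(".", "/"))` with no validation, and `Path::join` replaces the base when its argument is absolute, so a `linux.sysctl` key such as `/some/file` (it has no dots, so `replace` leaves it untouched) is written as root outside `/proc/sys` — into the container rootfs, since the call site runs after `pivot_rootfs`. Most of `/proc/sys` is also not namespaced: roughly only `net.*` (per network namespace), `fs.mqueue.*` and the `kernel.shm*`/`kernel.msg*`/`kernel.sem` keys (per IPC namespace) are safe to set from a container, and only when the spec actually creates that namespace, which is what runc's spec validation enforces and this patch does not, so with a shared host network namespace a `net.*` entry would change host settings. I would reject empty keys and keys containing `/` before the `join` (shown below), and validate the key against that namespaced allowlist together with `linux.namespaces` during spec validation rather than here, since `sysctl()` does not receive the namespace list. The call site sits in `container_init`, which starts and ends outside the hunk, so what capabilities init still holds at that point and whether `/proc` is already the container's mount cannot be confirmed from here.
```rust
    for (kernel_param, value) in kernel_params {
        // `Path::join` replaces the base on an absolute argument, and a '/' is
        // never part of a valid sysctl name, so refuse such keys up front.
        if kernel_param.is_empty() || kernel_param.contains('/') {
            anyhow::bail!("invalid sysctl key {:?}", kernel_param);
        }
        let path = sys.join(kernel_param.replace('.', "/"));
        // … unchanged: debug log and fs::write …
    }
```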