Why are sysctl variables not exposed to the container when both the network and user namespaces are enabled in Red Hat Enterprise Linux 7?

Solution Verified

Issue

  • Why are sysctl variables not exposed to the container when both the network and user namespaces are enabled in Red Hat Enterprise Linux 7?
    Example: this sysctl variable is visible under the user namespace and under the network namespace independently:
$ sudo unshare -n ls /proc/sys/net/ipv4/vs/conntrack
/proc/sys/net/ipv4/vs/conntrack

$ sudo unshare -U ls /proc/sys/net/ipv4/vs/conntrack
/proc/sys/net/ipv4/vs/conntrack

But when both namespaces are unshared at the same time, the variable is not visible:

$ sudo unshare -Un ls /proc/sys/net/ipv4/vs/conntrack
ls: cannot access /proc/sys/net/ipv4/vs/conntrack: No such file or directory
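As an added example (not part of the Red Hat article), the following POSIX shell script generalizes the three `ls` checks above: instead of probing one path, it lists every file under a /proc/sys subtree as seen from the host and from inside a combined user+network namespace (`unshare -Un`), then prints the entries that disappear, which is what you need when deciding which sysctls a container can actually be given. It assumes util-linux `unshare`, `find` and `comm` are installed; the `SYSCTL_ROOT` variable and the function names are this example's own, and it must run as root or on a host where unprivileged user namespaces are enabled.

```shell
#!/bin/sh
# Added example (not from the Red Hat article): find which files under a
# /proc/sys subtree are visible on the host but hidden inside a combined
# user + network namespace, as with /proc/sys/net/ipv4/vs/conntrack above.

# list_tree FLAGS ROOT
#   Print a sorted list of regular files under ROOT. With non-empty FLAGS
#   (e.g. "-U", "-n", "-Un") the listing is taken from inside the
#   namespaces that `unshare FLAGS` creates. Returns 2 if unshare cannot
#   create those namespaces here (e.g. user namespaces disabled).
list_tree() {
    flags=$1
    root=$2
    if [ -z "$flags" ]; then
        find "$root" -type f 2>/dev/null | sort
    else
        unshare $flags true 2>/dev/null || return 2
        unshare $flags find "$root" -type f 2>/dev/null | sort
    fi
}

# hidden_entries HOST_LIST NS_LIST
#   Print paths present in the host listing but absent from the namespace
#   listing. Both files must be sorted (list_tree sorts them).
hidden_entries() {
    comm -23 "$1" "$2"
}

# count_lines FILE: number of lines in FILE, without wc's padding.
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# report_hidden [ROOT]
#   Compare the host view of ROOT (default /proc/sys/net) with the view
#   from inside `unshare -Un`, print a summary line and the hidden paths.
report_hidden() {
    root=${1:-/proc/sys/net}
    host=$(mktemp)
    ns=$(mktemp)
    list_tree "" "$root" > "$host"
    if ! list_tree -Un "$root" > "$ns"; then
        echo "unshare -Un failed; cannot enter a user+net namespace here" >&2
        rm -f "$host" "$ns"
        return 2
    fi
    printf 'files under %s: host=%s, inside -Un=%s, hidden=%s\n' \
        "$root" "$(count_lines "$host")" "$(count_lines "$ns")" \
        "$(hidden_entries "$host" "$ns" | wc -l | tr -d ' ')"
    hidden_entries "$host" "$ns"
    rm -f "$host" "$ns"
}

# Run only when the caller names a subtree, e.g.
#   sudo SYSCTL_ROOT=/proc/sys/net/ipv4 sh this_script.sh
if [ -n "${SYSCTL_ROOT:-}" ]; then
    report_hidden "$SYSCTL_ROOT"
fi
```

On a RHEL 7.4 host showing the behaviour above, `/proc/sys/net/ipv4/vs/conntrack` appears in the hidden list while the host and `-Un` counts differ; a return code of 2 means the host would not let the script create the namespaces at all, which is a different problem from a sysctl being hidden.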

Environment

  • Red Hat Enterprise Linux 7.4

Subscriber exclusive content