Issue
I am confused about whether Docker will inherit the host's kernel parameters. I have done some tests as below. The kernel version:
$ uname -r
3.10.0-957.el7.x86_64
- I want to echo the ip_local_port_range parameter, and the command is:
$ sudo docker run --rm busybox cat /proc/sys/net/ipv4/ip_local_port_range
the output:
128
That is quite reasonable, as ip_local_port_range is a namespaced parameter and I guess it inherits from the host.
- Test the tcp_tw_reuse parameter:
sudo docker run --rm busybox cat /proc/sys/net/ipv4/tcp_tw_reuse
the output:
cat: can't open '/proc/sys/net/ipv4/tcp_tw_reuse': No such file or directory
That is reasonable too; as far as I know, in kernel 3.10 tcp_tw_reuse is not namespaced and Docker does not have that file. Now, what I would like to know is: as the '/proc/sys/net/ipv4/tcp_tw_reuse' file is not present in the container, will the container inherit its value from the host? Any help will be appreciated.
Solution
The vanilla 3.10 kernel was released in 2013. Namespacing of tcp_fin_timeout happened much later, in early 2016, and namespacing of tcp_tw_reuse happened even later.
In fact, these are the networking sysctls which are namespaced in vanilla 3.10:
int sysctl_icmp_echo_ignore_all;
int sysctl_icmp_echo_ignore_broadcasts;
int sysctl_icmp_ignore_bogus_error_responses;
int sysctl_icmp_ratelimit;
int sysctl_icmp_ratemask;
int sysctl_icmp_errors_use_inbound_ifaddr;
int sysctl_tcp_ecn;
kgid_t sysctl_ping_group_range[2];
long sysctl_tcp_mem[3];
Not so much. Other sysctls are globals, used regardless of what the caller's network namespace is. This includes the sysctls of interest to you:
- tcp_fin_timeout - definition, use;
- tcp_tw_reuse - definition, use.
Note that the latest RHEL/CentOS versions of kernel 3.10 (which you seem to use) have some more sysctls namespaced, e.g. ip_local_port_range, mentioned by you, but this still does not include tcp_fin_timeout and tcp_tw_reuse.
So, finally answering your question: in kernel 3.10, these parameters are system-wide, and containerized processes use the same values of these sysctls as the host system.
Answered By - Danila Kiver Answer Checked By - Clifford M. (WPSolving Volunteer)
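
The manual check from the question, generalized to any list of net.ipv4 sysctls, as an added example that is not part of the original question or answer. It applies the heuristic used on this page: a sysctl file that is absent inside the container is not namespaced, so the host's value is the one in effect. `CTR_RUN`, `HOST_SYSCTL_DIR`, `one_line` and `classify_sysctl` are names chosen here.

```shell
#!/bin/sh
# Added example; variable and function names are assumptions, not Docker's.
# CTR_RUN: command prefix that runs its arguments inside a container.
CTR_RUN=${CTR_RUN:-"docker run --rm busybox"}
# HOST_SYSCTL_DIR: where the host's ipv4 sysctls are read from.
HOST_SYSCTL_DIR=${HOST_SYSCTL_DIR:-/proc/sys/net/ipv4}

# Collapse tabs and newlines so multi-value sysctls print on one line.
one_line() { tr -s '\t\n ' ' ' | sed 's/ $//'; }

# classify_sysctl NAME prints one of:
#   NAME missing                            not present on the host
#   NAME unknown (container command failed) container could not be started
#   NAME namespaced container=<v> host=<v>  container has its own copy
#   NAME global host=<v>                    no file in container: host value applies
classify_sysctl() {
    name=$1
    if [ ! -r "$HOST_SYSCTL_DIR/$name" ]; then
        echo "$name missing"
        return 1
    fi
    host_val=$(one_line < "$HOST_SYSCTL_DIR/$name")
    # Separate "container cannot run" from "file not visible in container",
    # otherwise a stopped daemon would be reported as a global sysctl.
    if ! $CTR_RUN true >/dev/null 2>&1; then
        echo "$name unknown (container command failed)"
        return 2
    fi
    if ctr_val=$($CTR_RUN cat "/proc/sys/net/ipv4/$name" 2>/dev/null); then
        ctr_val=$(printf '%s\n' "$ctr_val" | one_line)
        echo "$name namespaced container=$ctr_val host=$host_val"
    else
        echo "$name global host=$host_val"
    fi
}

# Run directly, e.g.: ./check.sh tcp_tw_reuse tcp_fin_timeout ip_local_port_range
for n in "$@"; do
    classify_sysctl "$n" || true
done
```

A `global` result means a change made on the host with `sysctl -w` affects every container on that kernel, which matters when containers are expected to be tuned or isolated independently.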