Why linux kernel can't update ipv6 conf via netlink.

xiaoyi.jin

New Member
Joined
Nov 18, 2019
Messages
2
Reaction score
1
Credits
0
for example, we can enable ipv6 forwording via "sysctl -w net.ipv6.conf.default.forwarding=1" with priviledge=true in docker.
it can't update it with only net-admin.
 


JulienCC

Active Member
Joined
Oct 7, 2019
Messages
235
Reaction score
207
Credits
0
I didn't understand what you mean and I think I'm not the only one.

What did you try to do exactly ?
it can't update it with only net-admin
never heard of "net-admin" to configure anything on linux. Can you give us more details ?
 
OP
X

xiaoyi.jin

New Member
Joined
Nov 18, 2019
Messages
2
Reaction score
1
Credits
0
thanks for your reply.

In k8s container, the process is running without root priviledge. /proc/sys/net is read-only filesystem.
We can't update any conf under /proc/sys/net.


In detail, for ipv4, inet_set_link_af(net/ipv4/devinet.c) can update IFLA_INET_CONF attributes.
But for ipv6, inet6_set_link_af(net/ipv6/addrconf.c) can't update IFLA_INET6_CONF attributes.
 

JulienCC

Active Member
Joined
Oct 7, 2019
Messages
235
Reaction score
207
Credits
0
What I understand is that you are trying to change some kernel parameters from inside a docker container.

You can't change the hosts kernel parameters from inside a container
Note: Not all sysctls are namespaced. Docker does not support changing sysctls inside of a container that also modify the host system. As the kernel evolves we expect to see more sysctls become namespaced.

You need to set the proper parameters on your host. You can also set some sysctl on the container itself, but the scope will be limited to the container itself.
Code:
$ docker run --sysctl net.ipv4.ip_forward=1 someimage



If it's about kubernetes (your said k8), there is some doc here : https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
 

samK

New Member
Joined
Jun 17, 2020
Messages
27
Reaction score
3
Credits
200
  1. Open a terminal window.
  2. Change to the root user.
  3. Issue the command sysctl -w net. ipv6. conf. all. disable_ipv6=1.
  4. Issue the command sysctl -w net. ipv6. conf. default. disable_ipv6=1.
 
$200 Digital Ocean Credit
Get a free VM to test out Linux!


Staff online

Members online


Latest posts

Top