rootless | runc failing to start container with --sysctl net.core.somaxconn

[apostasie]

Description

In rootless, runc fails to start a container that uses --sysctl net.core.somaxconn

This is possibly an effect of torvalds/linux@464dc80

This might be a runc issue - depending on how you look at this. If it is, there seem to be some related discussion here: opencontainers/runc#3770

Maybe we should not hard error on this?

Not entirely sure why we do not catch that on the CI, as we do have TestContainerInspectHostConfig that is tripping this bug on my local machine.

Steps to reproduce the issue

1. nerdctl run -ti --sysctl net.core.somaxconn=1024 debian bash

Describe the results you received and expected

FATA[0000] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/net/core/somaxconn: no such file or directory

Expected: maybe complain about that, but do not hard fail?

What version of nerdctl are you using?

main

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

Linux lima-on-debian 6.1.0-32-cloud-arm64 #1 SMP Debian 6.1.129-1 (2025-03-06) aarch64 GNU/Linux

[AkihiroSuda]

Expected behavior.
Can be discussed in https://github.com/opencontainers/runtime-spec/issues to add the allowSysctlErrors (bool? []string?) flag

[apostasie]

And/or should we filter in nerdctl?

(update: is this the right issue being linked? ^)

[AkihiroSuda]

Sorry, intended to link https://github.com/opencontainers/runtime-spec/issues