'/' is allowed as a separator in sysctl name #3256

Closed
mengjiao-liu opened this issue Nov 1, 2021 · 2 comments

mengjiao-liu commented Nov 1, 2021

Runtime spec says:

sysctl (object, OPTIONAL) allows kernel parameters to be modified at
runtime for the container. For more information, see the sysctl(8)
man page.

and linux sysctl says:

variable
The name of a key to read from. An example is
kernel.ostype. The '/' separator is also accepted in place of a '.'.
       Note that either "/" or "."  may be used as separators within
       sysctl variable names. If the first separator is a slash,
       remaining slashes and dots are left intact. If the first
       separator is a dot, dots and slashes are interchanged.
       "kernel.domainname=foo" and "kernel/domainname=foo" are
       equivalent and will cause "foo" to be written to
       /proc/sys/kernel/domainname. Either
       "net.ipv4.conf.enp3s0/200.forwarding" or
       "net/ipv4/conf/enp3s0.200/forwarding" may be used to refer to
       /proc/sys/net/ipv4/conf/enp3s0.200/forwarding. A glob glob(7)
       pattern may be used to write the same value to all matching keys.
       Keys for which an explicit pattern exists will be excluded from
       any glob matching. In addition, a key may be explicitly excluded
       from being set by any matching glob patterns by specifying the
       key name prefixed with a "-" character and not followed by "=",
       see SYNOPSIS.

https://man7.org/linux/man-pages/man8/sysctl.8.html
https://man7.org/linux/man-pages/man5/sysctl.d.5.html

However, in fact, the sysctl name in runc does not support a slash as a separator.

This PR #3254 wants to solve this problem, but I think the conversion method does not match the linux sysctl definition.

see https://github.com/opencontainers/runc/pull/3254/files#r739936786 for more details.

So I opened this issue to track the fix of this issue and I will open a new PR to fix this.

Related to:

/assign

@kolyshkin
Contributor

OK, I think you refer to sysctl.d(5) man page, which says

Note that either "/" or "." may be used as separators within sysctl variable names. If the first separator is a slash, remaining slashes and dots are left intact. If the first separator is a dot, dots and slashes are interchanged. "kernel.domainname=foo" and "kernel/domainname=foo" are equivalent and will cause "foo" to be written to /proc/sys/kernel/domainname. Either "net.ipv4.conf.enp3s0/200.forwarding" or "net/ipv4/conf/enp3s0.200/forwarding" may be used to refer to /proc/sys/net/ipv4/conf/enp3s0.200/forwarding.

This obviously needs more changes than what's done in #3254. Will work on it later this week.

@mengjiao-liu
Author

Yes, we need to refer to the conversion method of sysctl.d(5) to modify.
PR #3257 tries to fix the issue.
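
The sysctl.d(5) separator rule quoted in this thread, written out as an added Go example; it is not code from runc or from PR #3254 or #3257. The function name `sysctlPath` and the rejection of empty, `.` and `..` path components are assumptions added here for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// sysctlPath maps a sysctl key to its file under /proc/sys using the
// sysctl.d(5) separator rule. Hypothetical helper, not runc's own code.
func sysctlPath(key string) (string, error) {
	// Find the first separator; it decides how the rest is read.
	if i := strings.IndexAny(key, "./"); i >= 0 && key[i] == '.' {
		// First separator is a dot: dots and slashes are interchanged.
		key = strings.NewReplacer(".", "/", "/", ".").Replace(key)
	}
	// First separator is a slash (or there is none): key is left intact.

	// Added hardening (an assumption, not part of the man page text):
	// refuse components that would let the result leave /proc/sys.
	for _, part := range strings.Split(key, "/") {
		if part == "" || part == "." || part == ".." {
			return "", errors.New("invalid sysctl key component")
		}
	}
	return path.Join("/proc/sys", key), nil
}

func main() {
	// Keys taken from the man page text quoted in the issue, plus one
	// constructed key that must be rejected.
	for _, k := range []string{
		"kernel.domainname",
		"kernel/domainname",
		"net.ipv4.conf.enp3s0/200.forwarding",
		"net/ipv4/conf/enp3s0.200/forwarding",
		"kernel/../../etc/hostname", // constructed
	} {
		p, err := sysctlPath(k)
		fmt.Printf("%-40s -> %q (err: %v)\n", k, p, err)
	}
}
```

Any allowlist check on the sysctl name should run on the converted form, so that both spellings of a key get the same decision.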
