From b7583a2c28eb7116eaf4f8e3fc42f9104ce11a97 Mon Sep 17 00:00:00 2001 From: Rob Murray Date: Wed, 8 May 2024 14:26:33 +0000 Subject: [PATCH] Explain how to use "--network driver-opt" to set sysctls Signed-off-by: Rob Murray --- docs/reference/commandline/container_run.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/reference/commandline/container_run.md b/docs/reference/commandline/container_run.md index d7c0c13efb..123917b6e5 100644 --- a/docs/reference/commandline/container_run.md +++ b/docs/reference/commandline/container_run.md @@ -776,6 +776,26 @@ $ docker network create --subnet 192.0.3.0/24 my-net2 $ docker run -itd --network=name=my-net1,ip=192.0.2.42 --network=name=my-net2,ip=192.0.3.42 busybox ``` +`sysctl` settings that start with `net.ipv4.`, `net.ipv6.` or `net.mpls.` can be +set per-interface using `driver-opt` label `com.docker.network.endpoint.sysctls`. +The interface name must be the string `IFNAME`. + +To set more than one `sysctl` for an interface, quote the whole `driver-opt` field, +remembering to escape the quotes for the shell if necessary. For example, if the +interface to `my-net` is given name `eth0`, the following example sets sysctls +`net.ipv4.conf.eth0.log_martians=1` and `net.ipv4.conf.eth0.forwarding=0`, and +assigns the IPv4 address `192.0.2.42`. + +```console +$ docker network create --subnet 192.0.2.0/24 my-net +$ docker run -itd --network=name=my-net,\"driver-opt=com.docker.network.endpoint.sysctls=net.ipv4.conf.IFNAME.log_martians=1,net.ipv4.conf.IFNAME.forwarding=0\",ip=192.0.2.42 busybox +``` + +> **Note** +> +> Network drivers may restrict the sysctl settings that can be modified and, to protect +> the operation of the network, new restrictions may be added in the future. + For more information on connecting a container to a network when using the `run` command, see the [Docker network overview](https://docs.docker.com/network/).
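Review bot: The sentence "The interface name must be the string `IFNAME`" in the first added paragraph reads as a rule about how the interface is named, whereas the example uses `IFNAME` as a literal placeholder inside the sysctl key that stands for the real interface name (`eth0` in the text). Suggest rewording along the lines of: in the sysctl name, write the literal string `IFNAME` where the interface name would go, and it is substituted with the name the interface is given in the container. The closing note also leaves open what happens when a driver refuses a setting: say whether `docker run` fails or the setting is skipped, because `log_martians` and `forwarding` are hardening settings that an operator will assume took effect. A short sentence on confirming the applied value from inside the container would close that gap. Finally, the escaped `\"` in the example is only explained as "if necessary"; state that the quotes must reach the docker CLI intact so that the comma between the two sysctls is not parsed as a separator between `--network` fields.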