Increase SOMAXCONN in unprivileged containers?

Probably @stgraber meant “namespaced” sysctl keys. I can’t quickly find the full list, but here is a small example of the difference in sysctl keys between the default and a custom network namespace.

Default network namespace:

root@hostname:~# sysctl net 2>/dev/null | wc -l
719

root@hostname:~# sysctl net.core.wmem_default
net.core.wmem_default = 212992

root@hostname:~# sysctl net.core.somaxconn
net.core.somaxconn = 128
root@hostname:~# sysctl net.core.somaxconn=129
net.core.somaxconn = 129
root@hostname:~# sysctl net.core.somaxconn
net.core.somaxconn = 129

Custom namespace:

root@hostname:~# ip netns add test
root@hostname:~# ip netns exec test bash
root@hostname:~# sysctl net 2>/dev/null | wc -l
402
root@hostname:~# sysctl net.core.wmem_default
sysctl: cannot stat /proc/sys/net/core/wmem_default: No such file or directory

root@hostname:~# sysctl net.core.somaxconn
net.core.somaxconn = 128
root@hostname:~# sysctl net.core.somaxconn=130
net.core.somaxconn = 130
root@hostname:~# sysctl net.core.somaxconn
net.core.somaxconn = 130

And default again:

root@hostname:~# sysctl net.core.somaxconn
net.core.somaxconn = 129

I hope the difference is clearly visible (inside a custom namespace you can see and tune only “namespaced” keys). And the changes don’t affect the host system (correct me if I’m mistaken here).

And repeating my initial question: is there a way to tune net.core.somaxconn inside an unprivileged LXC container (in a custom network namespace)?
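The manual session above can be turned into a repeatable audit. The script below is an added example, not code from the original post or from LXC: it lists every net.* key in the host namespace and in a throwaway network namespace, classifies each key as namespaced (visible in both) or host-only, and then writes a value inside the fresh namespace to confirm the host's copy is untouched. It assumes Linux with iproute2 (`ip netns`), procps `sysctl`, and root for the namespace steps; the namespace name `sysctl-audit` and the function names are arbitrary choices for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit which net.* sysctl keys
# are network-namespaced and check that writes in a fresh netns stay there.
# Assumes Linux, iproute2 ('ip netns'), procps 'sysctl' and root for the
# namespace-related functions. "sysctl-audit" is an arbitrary netns name.
set -u
export LC_ALL=C   # stable ordering for sort/comm

NS_NAME=sysctl-audit
NET_KEYS_CMD='sysctl -aN 2>/dev/null | grep "^net\." | sort -u'

# List every net.* key visible in the calling namespace, sorted, one per line.
list_net_keys() {
    sh -c "$NET_KEYS_CMD"
}

# Run a command inside a throwaway network namespace and delete it afterwards.
in_fresh_netns() {
    ip netns add "$NS_NAME" || return 1
    ip netns exec "$NS_NAME" "$@"
    rc=$?
    ip netns delete "$NS_NAME"
    return $rc
}

# Classify keys from two sorted key-list files: $1 = host view, $2 = netns view.
# Prints "<key> namespaced" for keys present in both views and
# "<key> host-only" for keys that exist only in the initial namespace.
# Pure text processing, so it can be exercised without root.
classify_keys() {
    host_list=$1; ns_list=$2
    comm -12 "$host_list" "$ns_list" | sed 's/$/ namespaced/'
    comm -23 "$host_list" "$ns_list" | sed 's/$/ host-only/'
}

# Write $2 to key $1 inside a fresh netns, then compare the host's value
# before and after. Prints "isolated" (returns 0) or "leaked" (returns 1);
# returns 2 if the key could not be read or written.
check_write_isolation() {
    key=$1; new_value=$2
    before=$(sysctl -n "$key") || return 2
    in_fresh_netns sysctl -q -w "$key=$new_value" || return 2
    after=$(sysctl -n "$key") || return 2
    if [ "$before" = "$after" ]; then
        echo isolated
        return 0
    fi
    echo leaked
    return 1
}

main() {
    host_keys=$(mktemp); ns_keys=$(mktemp)
    trap 'rm -f "$host_keys" "$ns_keys"' EXIT
    list_net_keys >"$host_keys"
    in_fresh_netns sh -c "$NET_KEYS_CMD" >"$ns_keys" || exit 1
    classify_keys "$host_keys" "$ns_keys" >sysctl-net-keys.txt
    printf 'namespaced: %s\n' "$(grep -c ' namespaced$' sysctl-net-keys.txt)"
    printf 'host-only:  %s\n' "$(grep -c ' host-only$' sysctl-net-keys.txt)"
    printf 'net.core.somaxconn write in fresh netns: %s\n' \
        "$(check_write_isolation net.core.somaxconn 4096)"
}

# Only run the root-requiring audit when invoked as: sh audit.sh --run
if [ "${1-}" = "--run" ]; then
    main
fi
```

`classify_keys` deliberately takes files rather than running `sysctl` itself, so the same classification can be applied to listings captured from inside a container (for example `sysctl -aN` run via `lxc exec`) and compared against the host without re-running the namespace steps.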