Apply sysctls from the OCI spec (#580)

dkovba · web-flow · commit 28f1c5a9b563 · 2026-03-12T20:46:16.000-07:00
Applies sysctls from the OCI spec.
diff --git a/vminitd/Sources/vmexec/RunCommand.swift b/vminitd/Sources/vmexec/RunCommand.swift
@@ -159,6 +159,23 @@ struct RunCommand: ParsableCommand {
             }
         }
 
+        // Apply sysctls from the OCI spec.
+        if let sysctls = spec.linux?.sysctl {
+            for (key, value) in sysctls {
+                let path = "/proc/sys/" + key.replacingOccurrences(of: ".", with: "/")
+                let fd = open(path, O_WRONLY)
+                guard fd >= 0 else {
+                    throw App.Errno(stage: "sysctl open(\(path))")
+                }
+                defer { close(fd) }
+                let bytes = Array(value.utf8)
+                let written = write(fd, bytes, bytes.count)
+                guard written == bytes.count else {
+                    throw App.Errno(stage: "sysctl write(\(key)=\(value))")
+                }
+            }
+        }
+
         // Apply O_CLOEXEC to all file descriptors except stdio.
         // This ensures that all unwanted fds we may have accidentally
         // inherited are marked close-on-exec so they stay out of the
