feat: Added net.ipv4.tcp_rmem and net.ipv4.tcp_wmem into safe sysctl list #125234

Signed-off-by: nikzayn <nikhilvaidyar1997@gmail.com>

pkg/kubelet/sysctl/safe_sysctls.go

@@ -60,6 +60,12 @@ var safeSysctls = []sysctl{
 		name:   "net.ipv4.tcp_keepalive_probes",
 		kernel: utilkernel.TCPKeepAliveProbesNamespacedKernelVersion,
 	},
+	{
+		name: "net.ipv4.tcp_rmem",
+	},
+	{
+		name: "net.ipv4.tcp_wmem",
+	},
 }
 
 // SafeSysctlAllowlist returns the allowlist of safe sysctls and safe sysctl patterns (ending in *).

pkg/kubelet/sysctl/safe_sysctls_test.go

@@ -41,6 +41,8 @@ func Test_getSafeSysctlAllowlist(t *testing.T) {
 				"net.ipv4.tcp_syncookies",
 				"net.ipv4.ping_group_range",
 				"net.ipv4.ip_unprivileged_port_start",
+				"net.ipv4.tcp_rmem",
+				"net.ipv4.tcp_wmem",
 			},
 		},
 		{
@@ -56,6 +58,8 @@ func Test_getSafeSysctlAllowlist(t *testing.T) {
 				"net.ipv4.ping_group_range",
 				"net.ipv4.ip_unprivileged_port_start",
 				"net.ipv4.ip_local_reserved_ports",
+				"net.ipv4.tcp_rmem",
+				"net.ipv4.tcp_wmem",
 			},
 		},
 		{
@@ -75,6 +79,8 @@ func Test_getSafeSysctlAllowlist(t *testing.T) {
 				"net.ipv4.tcp_fin_timeout",
 				"net.ipv4.tcp_keepalive_intvl",
 				"net.ipv4.tcp_keepalive_probes",
+				"net.ipv4.tcp_rmem",
+				"net.ipv4.tcp_wmem",
 			},
 		},
 	}