From ce2347eda606b447a42879fe0616de5b9bd0f9e2 Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Fri, 4 Aug 2017 12:48:27 +0100
Subject: [PATCH 1/2] Enable sysctl kernel.dmesg_restrict
This requires that users have `CAP_SYSLOG` in order to access `dmesg`. This means that containers by default have no access to `dmesg` (which can leak information about the host or other containers) unless they have this capability added.
Signed-off-by: Justin Cormack
---
 pkg/sysctl/etc/sysctl.d/00-linuxkit.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf b/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf
index bb59b989c..db498738e 100644
--- a/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf
+++ b/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf
@@ -22,6 +22,7 @@ net.ipv4.conf.default.accept_redirects = 0
 net.ipv4.conf.default.accept_source_route = 0
 net.ipv6.conf.all.accept_redirects = 0
 net.ipv6.conf.default.accept_redirects = 0
+kernel.dmesg_restrict = 1
 kernel.perf_event_paranoid = 3
 fs.protected_hardlinks = 1
 fs.protected_symlinks = 1
From ee349da98ab6c0dab04fcf49530924e1d46f907b Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Fri, 4 Aug 2017 13:34:14 +0100
Subject: [PATCH 2/2] update hashes for sysctl (arm and x86)
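Review bot: Nothing in this series checks that the added `kernel.dmesg_restrict = 1` in 00-linuxkit.conf is actually in effect after boot. The second patch only re-pins the image used by test/cases/040_packages/019_sysctl/test-sysctl.yml, so if that test inspects individual values it should also assert that `/proc/sys/kernel/dmesg_restrict` reads `1`. The line would also benefit from a short comment above it, for example `# require CAP_SYSLOG to read the kernel log (dmesg)`, provided the package's parser accepts `#` comment lines, which is not visible here. Operators should note that the setting only gates access on the capability, so any container started with `CAP_SYSLOG` added, or run privileged, still reads the host kernel log.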
Signed-off-by: Justin Cormack --- blueprints/docker-for-mac/base.yml | 2 +- examples/aws.yml | 2 +- examples/azure.yml | 2 +- examples/docker.yml | 2 +- examples/gcp.yml | 2 +- examples/getty.yml | 2 +- examples/packet.yml | 2 +- examples/sshd.yml | 2 +- examples/swap.yml | 2 +- examples/tpm.yml | 2 +- examples/vmware.yml | 2 +- examples/vultr.yml | 2 +- linuxkit.yml | 2 +- projects/compose/compose-dynamic.yml | 2 +- projects/compose/compose-static.yml | 2 +- projects/etcd/etcd.yml | 2 +- projects/etcd/prom-us-central1-f.yml | 2 +- projects/ima-namespace/ima-namespace.yml | 2 +- projects/kubernetes/kube-master.yml | 2 +- projects/kubernetes/kube-node.yml | 2 +- projects/logging/examples/logging.yml | 2 +- projects/miragesdk/examples/fdd.yml | 2 +- projects/miragesdk/examples/mirage-dhcp.yml | 2 +- projects/okernel/examples/okernel_simple.yaml | 2 +- projects/shiftfs/shiftfs.yml | 2 +- projects/swarmd/swarmd.yml | 2 +- test/cases/030_security/000_docker-bench/test-docker-bench.yml | 2 +- test/cases/040_packages/003_containerd/test-containerd.yml | 2 +- test/cases/040_packages/019_sysctl/test-sysctl.yml | 2 +- 29 files changed, 29 insertions(+), 29 deletions(-) diff --git a/blueprints/docker-for-mac/base.yml b/blueprints/docker-for-mac/base.yml index 73f1c8c00..fce95434c 100644 --- a/blueprints/docker-for-mac/base.yml +++ b/blueprints/docker-for-mac/base.yml @@ -12,7 +12,7 @@ onboot: - name: metadata image: linuxkit/metadata:cec86f3e1c260c9eafefa80c262fceb40c182ddf - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: sysfs image: linuxkit/sysfs:3ae01a25583ee37a5ff8b09a0e569cb4bd8cf2e9 - name: binfmt diff --git a/examples/aws.yml b/examples/aws.yml index bee9ec715..a22e11237 100644 --- a/examples/aws.yml +++ b/examples/aws.yml 
@@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/azure.yml b/examples/azure.yml index 6add5b6c4..983242a13 100644 --- a/examples/azure.yml +++ b/examples/azure.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 services: - name: rngd image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383 diff --git a/examples/docker.yml b/examples/docker.yml index ddbd3b1db..0af4210b1 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: sysfs image: linuxkit/sysfs:3ae01a25583ee37a5ff8b09a0e569cb4bd8cf2e9 - name: format diff --git a/examples/gcp.yml b/examples/gcp.yml index eae17ab6b..a7a760654 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/getty.yml b/examples/getty.yml index f407e412c..7a9fbf2ec 100644 --- a/examples/getty.yml 
+++ b/examples/getty.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/packet.yml b/examples/packet.yml index d027e3588..c86010073 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 services: - name: rngd image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383 diff --git a/examples/sshd.yml b/examples/sshd.yml index c8ebef263..e824223c1 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: rngd1 image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383 command: ["/sbin/rngd", "-1"] diff --git a/examples/swap.yml b/examples/swap.yml index 795ebc16b..8e9090e9e 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/tpm.yml b/examples/tpm.yml index 140caf917..3709ef55f 100644 
--- a/examples/tpm.yml +++ b/examples/tpm.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/vmware.yml b/examples/vmware.yml index aecb5f5c6..d6751b511 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 services: - name: getty image: linuxkit/getty:2c841cdc34396e3fa8f25b62d112808f63f16df6 diff --git a/examples/vultr.yml b/examples/vultr.yml index ab2e4799b..770acecd7 100644 --- a/examples/vultr.yml +++ b/examples/vultr.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/linuxkit.yml b/linuxkit.yml index 1f691fbad..3b15cdf52 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] 
diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml index 97685621c..2590028b4 100644 --- a/projects/compose/compose-dynamic.yml +++ b/projects/compose/compose-dynamic.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: sysfs image: linuxkit/sysfs:3ae01a25583ee37a5ff8b09a0e569cb4bd8cf2e9 - name: dhcpcd diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml index 23481cc67..d371a0e88 100644 --- a/projects/compose/compose-static.yml +++ b/projects/compose/compose-static.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: sysfs image: linuxkit/sysfs:3ae01a25583ee37a5ff8b09a0e569cb4bd8cf2e9 - name: dhcpcd diff --git a/projects/etcd/etcd.yml b/projects/etcd/etcd.yml index 85e6b94ee..c3fd8e5a0 100644 --- a/projects/etcd/etcd.yml +++ b/projects/etcd/etcd.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: format image: linuxkit/format:158d992b7bf7ab984100c697d7e72161ea7d7382 - name: mount diff --git a/projects/etcd/prom-us-central1-f.yml b/projects/etcd/prom-us-central1-f.yml index dbc4cb2a3..198547dc4 100644 --- a/projects/etcd/prom-us-central1-f.yml +++ b/projects/etcd/prom-us-central1-f.yml 
@@ -8,7 +8,7 @@ init: - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/projects/ima-namespace/ima-namespace.yml b/projects/ima-namespace/ima-namespace.yml index 4fb5d495f..e114157b9 100644 --- a/projects/ima-namespace/ima-namespace.yml +++ b/projects/ima-namespace/ima-namespace.yml @@ -9,7 +9,7 @@ init: - linuxkit/ima-utils:dfeb3896fd29308b80ff9ba7fe5b8b767e40ca29 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index a75690a5f..5e953b706 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: sysfs image: linuxkit/sysfs:3ae01a25583ee37a5ff8b09a0e569cb4bd8cf2e9 - name: dhcpcd diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index 1919c4d53..63c4c5f18 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml 
@@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: sysfs image: linuxkit/sysfs:3ae01a25583ee37a5ff8b09a0e569cb4bd8cf2e9 - name: dhcpcd diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index 16a959776..a1f5812ae 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml @@ -9,7 +9,7 @@ init: - linuxkit/memlogd:9b5834189f598f43c507f6938077113906f51012 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/projects/miragesdk/examples/fdd.yml b/projects/miragesdk/examples/fdd.yml index 16143fb3d..6c8355fab 100644 --- a/projects/miragesdk/examples/fdd.yml +++ b/projects/miragesdk/examples/fdd.yml @@ -9,7 +9,7 @@ init: - samoht/fdd onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 services: - name: getty image: linuxkit/getty:2c841cdc34396e3fa8f25b62d112808f63f16df6 diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 8a6d71ff4..4f7491418 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:7c986fb7df33bea73b5c8097b46989e46f49d875 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcp-client image: miragesdk/dhcp-client:22aa9d527820534295a8cd59901c0c5197af6585 net: host 
diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index 74a9abfc3..fcf06bd37 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 services: - name: rngd image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383 diff --git a/projects/shiftfs/shiftfs.yml b/projects/shiftfs/shiftfs.yml index 5b5549fe0..8f2162261 100644 --- a/projects/shiftfs/shiftfs.yml +++ b/projects/shiftfs/shiftfs.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: dhcpcd image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index f314b48a0..a78dc6c8c 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 binds: - /etc/sysctl.d/01-swarmd.conf:/etc/sysctl.d/01-swarmd.conf - name: dhcpcd diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml index 454ed997a..f101348ab 100644 --- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml +++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml 
@@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: sysfs image: linuxkit/sysfs:3ae01a25583ee37a5ff8b09a0e569cb4bd8cf2e9 - name: format diff --git a/test/cases/040_packages/003_containerd/test-containerd.yml b/test/cases/040_packages/003_containerd/test-containerd.yml index abbbb2a51..9df972d37 100644 --- a/test/cases/040_packages/003_containerd/test-containerd.yml +++ b/test/cases/040_packages/003_containerd/test-containerd.yml @@ -11,7 +11,7 @@ onboot: image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: format image: linuxkit/format:158d992b7bf7ab984100c697d7e72161ea7d7382 - name: mount diff --git a/test/cases/040_packages/019_sysctl/test-sysctl.yml b/test/cases/040_packages/019_sysctl/test-sysctl.yml index fd8d2a631..6d5624925 100644 --- a/test/cases/040_packages/019_sysctl/test-sysctl.yml +++ b/test/cases/040_packages/019_sysctl/test-sysctl.yml @@ -6,7 +6,7 @@ init: - linuxkit/runc:90e45f13e1d0a0983f36ef854621e3eac91cf541 onboot: - name: sysctl - image: linuxkit/sysctl:184c914d23a017062d7b53d7fc1dfaf47764bef6 + image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051 - name: test image: alpine:3.6 net: host