diff --git a/blueprints/docker-for-mac/base.yml b/blueprints/docker-for-mac/base.yml index 1a3479543..1ea617680 100644 --- a/blueprints/docker-for-mac/base.yml +++ b/blueprints/docker-for-mac/base.yml @@ -13,7 +13,7 @@ onboot: - name: metadata image: linuxkit/metadata:9b288a0b461a3dbc584d126f3d4c54b4d588e557 - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: sysfs image: linuxkit/sysfs:1284b4a7061a5cc426425f0fb00748192505a05f - name: binfmt diff --git a/examples/aws.yml b/examples/aws.yml index 167be2fa9..17ee653ba 100644 --- a/examples/aws.yml +++ b/examples/aws.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/azure.yml b/examples/azure.yml index 8ea3f8fe1..86f6d4d43 100644 --- a/examples/azure.yml +++ b/examples/azure.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 services: - name: rngd image: linuxkit/rngd:94e01a4b16fadb053455cdc2269c4eb0b39199cd diff --git a/examples/cadvisor.yml b/examples/cadvisor.yml index c1bdfe8a3..50651edd6 100644 --- a/examples/cadvisor.yml +++ b/examples/cadvisor.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/docker.yml b/examples/docker.yml index 0c47ae342..aaea2de0d 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: sysfs image: linuxkit/sysfs:1284b4a7061a5cc426425f0fb00748192505a05f - name: format diff --git a/examples/gcp.yml b/examples/gcp.yml index 1b08e3845..962895b40 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/getty.yml b/examples/getty.yml index f15b70b16..be03716b7 100644 --- a/examples/getty.yml +++ b/examples/getty.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/hostmount-writeable-overlay.yml b/examples/hostmount-writeable-overlay.yml index 8235cdde8..a3c8a1583 100644 --- a/examples/hostmount-writeable-overlay.yml +++ b/examples/hostmount-writeable-overlay.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/openstack.yml b/examples/openstack.yml index e15572aed..f73c9ea46 100644 --- a/examples/openstack.yml +++ b/examples/openstack.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/packet.yml b/examples/packet.yml index 00842b821..0678c84fc 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -13,7 +13,7 @@ onboot: image: linuxkit/rngd:94e01a4b16fadb053455cdc2269c4eb0b39199cd command: ["/sbin/rngd", "-1"] - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/sshd.yml b/examples/sshd.yml index b1c8fb50f..854ba6747 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: rngd1 image: linuxkit/rngd:94e01a4b16fadb053455cdc2269c4eb0b39199cd command: ["/sbin/rngd", "-1"] diff --git a/examples/swap.yml b/examples/swap.yml index d774be4e4..866df5236 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/tpm.yml b/examples/tpm.yml index 0fc41cd13..bf6837bfd 100644 --- a/examples/tpm.yml +++ b/examples/tpm.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/vmware.yml b/examples/vmware.yml index 82f4534f1..9987f61bc 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 services: - name: getty image: linuxkit/getty:22e27189b6b354e1d5d38fc0536a5af3f2adb79f diff --git a/examples/vultr.yml b/examples/vultr.yml index 1b08e3845..962895b40 100644 --- a/examples/vultr.yml +++ b/examples/vultr.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/examples/wireguard.yml b/examples/wireguard.yml index 6b6fb5f75..0d51d02bd 100644 --- a/examples/wireguard.yml +++ b/examples/wireguard.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/linuxkit.yml b/linuxkit.yml index 77e800d15..1e14df745 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf b/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf index 9e7f17dfa..1ef90f3d5 100644 --- a/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf +++ b/pkg/sysctl/etc/sysctl.d/00-linuxkit.conf @@ -7,9 +7,9 @@ net.ipv4.ping_group_range=999 59999 vm.max_map_count = 262144 vm.overcommit_memory = 1 net.core.somaxconn = 1024 -net.ipv4.neigh.default.gc_thresh1 = 30000 -net.ipv4.neigh.default.gc_thresh2 = 32000 -net.ipv4.neigh.default.gc_thresh3 = 32768 +net.ipv4.neigh.default.gc_thresh1 = 80000 +net.ipv4.neigh.default.gc_thresh2 = 90000 +net.ipv4.neigh.default.gc_thresh3 = 100000 fs.aio-max-nr = 1048576 fs.inotify.max_user_watches = 524288 fs.file-max = 524288 diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml index b1734c114..a7c50fb37 100644 --- a/projects/compose/compose-dynamic.yml +++ b/projects/compose/compose-dynamic.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: sysfs image: linuxkit/sysfs:1284b4a7061a5cc426425f0fb00748192505a05f - name: dhcpcd diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml index e8b7783d0..858874372 100644 --- a/projects/compose/compose-static.yml +++ b/projects/compose/compose-static.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: sysfs image: linuxkit/sysfs:1284b4a7061a5cc426425f0fb00748192505a05f - name: dhcpcd diff --git a/projects/ima-namespace/ima-namespace.yml b/projects/ima-namespace/ima-namespace.yml index 0a5bbcc55..30aaa130c 100644 --- a/projects/ima-namespace/ima-namespace.yml +++ b/projects/ima-namespace/ima-namespace.yml @@ -9,7 +9,7 @@ init: - linuxkit/ima-utils:dfeb3896fd29308b80ff9ba7fe5b8b767e40ca29 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index 1ef98fbc6..8c92ed412 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml @@ -9,7 +9,7 @@ init: - linuxkit/memlogd:9b5834189f598f43c507f6938077113906f51012 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/projects/miragesdk/examples/fdd.yml b/projects/miragesdk/examples/fdd.yml index 75cd93931..8e0646362 100644 --- a/projects/miragesdk/examples/fdd.yml +++ b/projects/miragesdk/examples/fdd.yml @@ -9,7 +9,7 @@ init: - samoht/fdd onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 services: - name: getty image: linuxkit/getty:22e27189b6b354e1d5d38fc0536a5af3f2adb79f diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 7d09adc07..2e1aaf412 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:78706a05d00a7385ff2b6b7db280041338e4b34a onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcp-client image: miragesdk/dhcp-client:22aa9d527820534295a8cd59901c0c5197af6585 net: host diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index 0e7682aa4..342f9512d 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 services: - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 diff --git a/projects/shiftfs/shiftfs.yml b/projects/shiftfs/shiftfs.yml index c9c19aa60..d4957c2d4 100644 --- a/projects/shiftfs/shiftfs.yml +++ b/projects/shiftfs/shiftfs.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: dhcpcd image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] diff --git a/test/cases/030_security/000_docker-bench/test.yml b/test/cases/030_security/000_docker-bench/test.yml index ab0e03e31..50488dee4 100644 --- a/test/cases/030_security/000_docker-bench/test.yml +++ b/test/cases/030_security/000_docker-bench/test.yml @@ -8,7 +8,7 @@ init: - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0 onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: sysfs image: linuxkit/sysfs:1284b4a7061a5cc426425f0fb00748192505a05f - name: format diff --git a/test/cases/040_packages/003_containerd/test.yml b/test/cases/040_packages/003_containerd/test.yml index e4b87436e..4eb686d35 100644 --- a/test/cases/040_packages/003_containerd/test.yml +++ b/test/cases/040_packages/003_containerd/test.yml @@ -11,7 +11,7 @@ onboot: image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: format image: linuxkit/format:5a1140cb65e733f26de727fa684fef1326e9d5ab - name: mount diff --git a/test/cases/040_packages/019_sysctl/test.yml b/test/cases/040_packages/019_sysctl/test.yml index bed2d0046..7939089e2 100644 --- a/test/cases/040_packages/019_sysctl/test.yml +++ b/test/cases/040_packages/019_sysctl/test.yml @@ -6,7 +6,7 @@ init: - linuxkit/runc:7b15b00b4e3507d62e3ed8d44dfe650561cd35ff onboot: - name: sysctl - image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21 + image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12 - name: test image: alpine:3.7 net: host