Re: [RFC] net: make net.core.{r,w}mem_{default,max} namespaced
From: Hannes Frederic Sowa <hidden>
Date: 2017-08-01 06:17:24
Eric Dumazet [off-list ref] writes:
> On Wed, 2017-07-26 at 19:03 +0200, Matteo Croce wrote:
> > The following sysctl are global and can't be read or set from a netns:
> >
> > net.core.rmem_default
> > net.core.rmem_max
> > net.core.wmem_default
> > net.core.wmem_max
> >
> > Make the following sysctl parameters available from within a network
> > namespace, allowing to set unique values per network namespace.
> >
> > My concern is about the initial value of this sysctl in the newly
> > created netns: I'm not sure if it is better to copy them from the init
> > namespace or set them to the default values.
> > Setting them to the default value has the advantage that a new
> > namespace behaves like a freshly booted system, while copying them
> > from the init netns has the advantage of keeping the current behaviour
> > as the values from the init netns are used.
> >
> > Signed-off-by: Matteo Croce <redacted>
> > ---
>
> It looks like these sysctls were giving some kind of isolation.
>
> If we make them per namespace, a malicious usage could eat all memory
> and hurt other namespaces.

We do account rmem as well as wmem allocated memory to the appropriate mem_cgs. In theory this should be okay.

Bye,
Hannes