Quadlet: Add support for --sysctl flag

The Sysctl=name=value entry can be used to set --sysctl=name=value
directly without the need to use PodmanArgs=--sysctl=name=value.

Signed-off-by: Laurenz Kruty <git@laurenzkruty.de>
Laurenz Kruty
2023-06-02 22:20:55 +02:00
parent 57797d8559
commit b37f74b732
4 changed files with 28 additions and 0 deletions

@ -128,6 +128,7 @@ Valid options for `[Container]` are listed below:
| SecurityLabelFileType=usr_t | --security-opt label=filetype:usr_t |
| SecurityLabelLevel=s0:c1,c2 | --security-opt label=level:s0:c1,c2 |
| SecurityLabelType=spc_t | --security-opt label=type:spc_t |
| Sysctl=name=value | --sysctl=name=value |
| Timezone=local | --tz local |
| Tmpfs=/work | --tmpfs /work |
| User=bin | --user bin |
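Review bot: The added `Sysctl=name=value` row uses a generic placeholder where the neighbouring rows give a concrete example value (`Timezone=local`, `Tmpfs=/work`, `User=bin`). Consider a concrete entry such as `Sysctl=net.ipv6.conf.all.disable_ipv6=1` mapped to `--sysctl=net.ipv6.conf.all.disable_ipv6=1`, reusing the parameter from the `Sysctl=` section of this commit, so the row reads like the rest of the table.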
@ -428,6 +429,17 @@ Set the label process type for the container processes.
Use a Podman secret in the container either as a file or an environment variable.
This is equivalent to the Podman `--secret` option and generally has the form `secret[,opt=opt ...]`
### `Sysctl=`
Configures namespaced kernel parameters for the container. The format is `Sysctl=name=value`.
This is a space separated list of kernel parameters. This key can be listed multiple times.
For example:
```
Sysctl=net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.all.use_tempaddr=1
```
### `Tmpfs=`
Mount a tmpfs in the container. This is equivalent to the Podman `--tmpfs` option, and
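Review bot: The new `Sysctl=` section never names the Podman option it maps to, while the `Secret=` text above it and the `Tmpfs=` text below it both state "This is equivalent to the Podman ... option"; add the same sentence for `--sysctl`. The section also describes the value as a space separated list without saying how the list becomes options (the table row suggests one `--sysctl=name=value` per entry) or how a parameter whose value itself contains a space is meant to be written. Please document both, because how the entry is split decides which kernel parameters are applied to the container. Finally, "The format is `Sysctl=name=value`" followed by "This is a space separated list" reads as two different formats; one sentence giving the format as a space separated list of `name=value` pairs would be clearer.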