diff --git a/pkg/server/sandbox_run.go b/pkg/server/sandbox_run.go
index 6a15130cf..121cf7d8b 100644
--- a/pkg/server/sandbox_run.go
+++ b/pkg/server/sandbox_run.go
@@ -306,7 +306,11 @@ func (c *criContainerdService) generateSandboxContainerSpec(id string, config *r
 
 	// TODO(random-liu): [P1] Set privileged.
 
-	// TODO(random-liu): [P2] Set sysctl from annotations.
+	// Add sysctls
+	sysctls := config.GetLinux().GetSysctls()
+	for key, value := range sysctls {
+		g.AddLinuxSysctl(key, value)
+	}
 
 	// TODO(random-liu): [P2] Set apparmor and seccomp from annotations.