From 8d37d97d01ddbf2ad0fa6a68b531b079fac72bdb Mon Sep 17 00:00:00 2001
From: Mike Brown <brownwm@us.ibm.com>
Date: Tue, 8 Aug 2017 15:01:13 -0500
Subject: [PATCH] sets sysctls from pod config annotations

Signed-off-by: Mike Brown <brownwm@us.ibm.com>
---
 pkg/server/sandbox_run.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/server/sandbox_run.go b/pkg/server/sandbox_run.go
index 6a15130cf..121cf7d8b 100644
--- a/pkg/server/sandbox_run.go
+++ b/pkg/server/sandbox_run.go
@@ -306,7 +306,11 @@ func (c *criContainerdService) generateSandboxContainerSpec(id string, config *r
 
 	// TODO(random-liu): [P1] Set privileged.
 
-	// TODO(random-liu): [P2] Set sysctl from annotations.
+	// Add sysctls
+	sysctls := config.GetLinux().GetSysctls()
+	for key, value := range sysctls {
+		g.AddLinuxSysctl(key, value)
+	}
 
 	// TODO(random-liu): [P2] Set apparmor and seccomp from annotations.