Add support for --sysctl

src/cli/container/podman.rs

@@ -388,12 +388,6 @@ pub struct PodmanArgs {
     #[arg(long, value_name = "NAME")]
     subuidname: Option<String>,
 
-    /// Configure namespaced kernel parameters at runtime
-    ///
-    /// Can be specified multiple times
-    #[arg(long, value_name = "NAME=VALUE")]
-    sysctl: Vec<String>,
-
     /// Run container in systemd mode
     ///
     /// Default is true
@@ -532,7 +526,6 @@ impl Default for PodmanArgs {
             stop_timeout: None,
             subgidname: None,
             subuidname: None,
-            sysctl: Vec::new(),
             systemd: None,
             timeout: None,
             tls_verify: None,
@@ -623,7 +616,6 @@ impl PodmanArgs {
             + self.stop_timeout.iter().len()
             + self.subgidname.iter().len()
             + self.subuidname.iter().len()
-            + self.sysctl.len()
             + self.systemd.iter().len()
             + self.timeout.iter().len()
             + self.tls_verify.iter().len()
@@ -874,8 +866,6 @@ impl Display for PodmanArgs {
 
         extend_args(&mut args, "--subuidname", &self.subuidname);
 
-        extend_args(&mut args, "--sysctl", &self.sysctl);
-
         extend_args(&mut args, "--systemd", &self.systemd);
 
         let timeout = self.timeout.map(|timeout| timeout.to_string());
@@ -960,19 +950,6 @@ impl TryFrom<&mut docker_compose_types::Service> for PodmanArgs {
             .map(|(key, value)| format!("{key}={value}"))
             .collect();
 
-        let sysctl = match mem::take(&mut value.sysctls) {
-            docker_compose_types::SysCtls::List(vec) => vec,
-            docker_compose_types::SysCtls::Map(map) => map
-                .into_iter()
-                .map(|(key, value)| {
-                    let value = value
-                        .as_ref()
-                        .map_or_else(|| String::from("null"), ToString::to_string);
-                    format!("{key}={value}")
-                })
-                .collect(),
-        };
-
         Ok(Self {
             hostname: value.hostname.take(),
             privileged: value.privileged,
@@ -989,7 +966,6 @@ impl TryFrom<&mut docker_compose_types::Service> for PodmanArgs {
             log_opt,
             add_host: mem::take(&mut value.extra_hosts),
             tty: value.tty,
-            sysctl,
             ..Self::default()
         })
     }

src/cli/container/quadlet.rs

@@ -237,6 +237,14 @@ pub struct QuadletOptions {
     #[arg(long, value_name = "SECRET[,OPT=OPT,...]")]
     secret: Vec<String>,
 
+    /// Configures namespaced kernel parameters for the container.
+    ///
+    /// Converts to "Sysctl=NAME=VALUE"
+    ///
+    /// Can be specified multiple times
+    #[arg(long, value_name = "NAME=VALUE")]
+    sysctl: Vec<String>,
+
     /// Create a tmpfs mount
     ///
     /// Converts to "Tmpfs=FS" or, if FS == /tmp, "VolatileTmp=true"
@@ -348,6 +356,7 @@ impl From<QuadletOptions> for crate::quadlet::Container {
             read_only: value.read_only,
             run_init: value.init,
             secret: value.secret,
+            sysctl: value.sysctl,
             tmpfs,
             timezone: value.tz,
             user,

src/quadlet/container.rs

@@ -51,6 +51,7 @@ pub struct Container {
     pub security_label_level: Option<String>,
     pub security_label_type: Option<String>,
     pub secret: Vec<String>,
+    pub sysctl: Vec<String>,
     pub tmpfs: Vec<String>,
     pub timezone: Option<String>,
     pub user: Option<String>,
@@ -221,6 +222,10 @@ impl Display for Container {
         for secret in &self.secret {
             writeln!(f, "Secret={secret}")?;
         }
+
+        if !self.sysctl.is_empty() {
+            writeln!(f, "Sysctl={}", escape_spaces_join(&self.sysctl))?;
+        }
 
         for tmpfs in &self.tmpfs {
             writeln!(f, "Tmpfs={tmpfs}")?;