From 211c47d2659c3762f120536f0bb88e037096248e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mah=C3=A9?= Date: Tue, 25 Oct 2022 18:27:09 +0200 Subject: [PATCH] Add a fuzzing feature for various SecurityContexts in a pod's manifest (#11) It uses google/gofuzz to generate a random but somehow valid SecurityContext that can be injected into a pod's manifest. It can generate a pod securityContext, a container securityContext and an initContainer securityContext. --- .github/workflows/golangci-lint.yaml | 2 - .golangci.yaml | 1 + README.md | 36 + commands/gen.go | 26 +- go.mod | 2 +- pkg/kgen/kgen.go | 134 ++- pkg/kgen/sysctls.go | 1190 ++++++++++++++++++++++++++ 7 files changed, 1386 insertions(+), 5 deletions(-) create mode 100644 pkg/kgen/sysctls.go diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml index 345fd40..984d1e4 100644 --- a/.github/workflows/golangci-lint.yaml +++ b/.github/workflows/golangci-lint.yaml @@ -24,5 +24,3 @@ jobs: version: v1.49.0 # Optional: show only new issues if it's a pull request. The default value is `false`. only-new-issues: true - args: --timeout=5m - diff --git a/.golangci.yaml b/.golangci.yaml index 24ae79e..ba367e0 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,5 +1,6 @@ run: go: '1.19' + timeout: 5m linters: disable-all: true diff --git a/README.md b/README.md index e53b1b3..8fdf806 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,9 @@ pentesting process. * [With Nix](#with-nix) * [Via Go](#via-go) * [Usage](#usage) + * [Digging](#digging) + * [Generating](#generating) + * [Fuzzing](#fuzzing) * [Details](#details) * [Updates](#updates) * [Usage warning](#usage-warning) @@ -115,6 +118,8 @@ go install github.com/quarkslab/kdigger@main ## Usage +### Digging + What you generally want to do is running all the buckets with `dig all` or just `d a`: ```bash @@ -180,6 +185,8 @@ Global Flags: -w, --width int Width for the human output (default 140) ``` +### Generating + You can also generate useful templates for pods with security features disabled to escalate privileges when you can create such a pod. See the help for this specific command for more information. @@ -202,6 +209,9 @@ boolean flags to disabled security features. Examples: # Create a custom privileged pod kdigger gen --privileged --image bash --command watch --command date | kubectl apply -f - + # Fuzz the API server admission + kdigger gen --fuzz-pod --fuzz-init --fuzz-container | kubectl apply --dry-run=server -f - + Usage: kdigger gen [name] [flags] @@ -211,11 +221,15 @@ Aliases: Flags: --all Enable everything --command stringArray Container command used (default [sleep,infinitely]) + --fuzz-container Generate a random container security context. (will override other options) + --fuzz-init Generate a random init container security context. + --fuzz-pod Generate a random pod security context. -h, --help help for gen --hostnetwork Add the hostNetwork flag on the whole pod --hostpath Add a hostPath volume to the container --hostpid Add the hostPid flag on the whole pod --image string Container image used (default "busybox") + -n, --namespace string Kubernetes namespace to use --privileged Add the security flag to the security context of the pod --tolerations Add tolerations to be schedulable on most nodes @@ -224,6 +238,28 @@ Global Flags: -w, --width int Width for the human output (default 140) ``` +### Fuzzing + +You can try to fuzz your API admission with `kdigger`, find +[some information in this PR](https://github.com/quarkslab/kdigger/pull/11). +It can be interesting to see if your sets of custom policies are resistant +against randomly generated pod manifest. + +See how `kdigger` can generate random container securityContext: +```console +./kdigger gen --fuzz-container -o json | jq '.spec.containers[].securityContext' +``` + +Or generate a dozen: +```bash +for _ in {1..12}; do ./kdigger gen --fuzz-container -o json | jq '.spec.containers[].securityContext'; done +``` + +Fuzz your admission API with simple commands similar to: +```bash +while true; do ./kdigger gen --fuzz-pod --fuzz-init --fuzz-container | kubectl apply --dry-run=server -f -; done +``` + ## Details ### Updates diff --git a/commands/gen.go b/commands/gen.go index 6a7dbc6..96cc775 100644 --- a/commands/gen.go +++ b/commands/gen.go @@ -12,6 +12,12 @@ var opts kgen.GenerateOpts var genAll bool +var ( + fuzzPod bool + fuzzContainer bool + fuzzInit bool +) + var genCmd = &cobra.Command{ Use: "gen [name] [flags]", Aliases: []string{"generate"}, @@ -30,7 +36,10 @@ boolean flags to disabled security features. Examples: kdigger gen -all mypod | kubectl apply -f - # Create a custom privileged pod - kdigger gen --privileged --image bash --command watch --command date | kubectl apply -f -`, + kdigger gen --privileged --image bash --command watch --command date | kubectl apply -f - + + # Fuzz the API server admission + kdigger gen --fuzz-pod --fuzz-init --fuzz-container | kubectl apply --dry-run=server -f -`, RunE: func(cmd *cobra.Command, args []string) error { // all puts all the boolean flags to true if genAll { @@ -46,6 +55,17 @@ boolean flags to disabled security features. Examples: pod := kgen.Generate(opts) + // optional fuzzing steps + if fuzzPod { + kgen.FuzzPodSecurityContext(&pod.Spec.SecurityContext) + } + if fuzzContainer { + kgen.FuzzContainerSecurityContext(&pod.Spec.Containers[0].SecurityContext) + } + if fuzzInit { + kgen.CopyToInitAndFuzz(&pod.Spec) + } + var p printers.ResourcePrinter if output == outputJSON { p = &printers.JSONPrinter{} @@ -74,4 +94,8 @@ func init() { genCmd.Flags().BoolVar(&opts.HostNetwork, "hostnetwork", false, "Add the hostNetwork flag on the whole pod") genCmd.Flags().BoolVar(&genAll, "all", false, "Enable everything") + + genCmd.Flags().BoolVar(&fuzzPod, "fuzz-pod", false, "Generate a random pod security context.") + genCmd.Flags().BoolVar(&fuzzContainer, "fuzz-container", false, "Generate a random container security context. (will override other options)") + genCmd.Flags().BoolVar(&fuzzInit, "fuzz-init", false, "Generate a random init container security context.") } diff --git a/go.mod b/go.mod index 7d6b402..e742894 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.19 require ( github.com/genuinetools/bpfd v0.0.1 + github.com/google/gofuzz v1.2.0 github.com/jedib0t/go-pretty/v6 v6.3.9 github.com/mitchellh/go-ps v1.0.0 github.com/spf13/cobra v1.5.0 @@ -39,7 +40,6 @@ require ( github.com/google/btree v1.1.2 // indirect github.com/google/gnostic v0.6.9 // indirect github.com/google/go-cmp v0.5.9 // indirect - github.com/google/gofuzz v1.2.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.3.0 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect diff --git a/pkg/kgen/kgen.go b/pkg/kgen/kgen.go index f224127..b0e156e 100644 --- a/pkg/kgen/kgen.go +++ b/pkg/kgen/kgen.go @@ -1,12 +1,27 @@ package kgen import ( + "strings" + v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/rand" + + fuzz "github.com/google/gofuzz" + "github.com/syndtr/gocapability/capability" +) + +const ( + // The probability of capabilities to be "ALL" will be 1/fuzzCapabilityAllOrEmptyChances. + fuzzCapabilityAllOrEmptyChances = 6 + fuzzNilChances = .5 + // Chances of putting zero in integers used for runAsUser, runAsGroup, etc. + fuzzIntZeroChances = .2 ) +// Fuzzing will pick a uniform integer between 0 and fuzzCapabilityRandomMaxLen - 1 for capabilities list +var fuzzCapabilityRandomMaxLen = len(capability.List()) + type GenerateOpts struct { Name string Image string @@ -19,6 +34,123 @@ type GenerateOpts struct { Tolerations bool } +var intMutator = func(e *int64, c fuzz.Continue) { + if c.Float64() >= fuzzIntZeroChances { + *e = int64(c.Int31()) + } else { + *e = 0 + } +} + +var seccompMutator = func(e *v1.SeccompProfile, c fuzz.Continue) { + supportedProfileValues := [...]string{"Localhost", "RuntimeDefault", "Unconfined"} + n := c.Intn(len(supportedProfileValues)) + + e.Type = v1.SeccompProfileType(supportedProfileValues[n]) + if e.Type == v1.SeccompProfileType(supportedProfileValues[0]) { + // spec.securityContext.seccompProfile.localhostProfile: Required value: must be set when seccomp type is Localhost + s := c.RandString() + e.LocalhostProfile = &s + } +} + +func FuzzPodSecurityContext(sc **v1.PodSecurityContext) { + f := fuzz.New().NilChance(fuzzNilChances).Funcs( + func(e *v1.Sysctl, c fuzz.Continue) { + // must have at most 253 characters and match regex ^([a-z0-9]([-_a-z0-9]*[a-z0-9])?[\./])*[a-z0-9]([-_a-z0-9]*[a-z0-9])?$ + e.Name = sysctls[c.Intn(len(sysctls))] + c.Fuzz(&e.Value) + }, + func(e *v1.PodFSGroupChangePolicy, c fuzz.Continue) { + if c.Intn(2) == 0 { + *e = v1.FSGroupChangeAlways + } else { + *e = v1.FSGroupChangeOnRootMismatch + } + }, + func(e *[]v1.Sysctl, c fuzz.Continue) { + if c.Float64() >= fuzzNilChances { + uniqSysctls := map[string]v1.Sysctl{} + for n := c.Intn(10); len(uniqSysctls) < n; { + var sysctl v1.Sysctl + c.Fuzz(&sysctl) + uniqSysctls[sysctl.Name] = sysctl + } + for _, v := range uniqSysctls { + *e = append(*e, v) + } + } else { + *e = []v1.Sysctl{} + } + }, + // let's ignore Windows for now + func(e *v1.WindowsSecurityContextOptions, c fuzz.Continue) { + *e = v1.WindowsSecurityContextOptions{} + }, + // for supplementalGroups, runAsUser and runAsGroup value that must be between 0 and 2147483647, inclusive + intMutator, + seccompMutator, + ) + + securityContext := &v1.PodSecurityContext{} + + f.Fuzz(securityContext) + + *sc = securityContext +} + +// FuzzContainerSecurityContext will override the SecurityContext with random (valid) values +func FuzzContainerSecurityContext(sc **v1.SecurityContext) { + // add .NilChange(0) to disable nil pointers generation, by default is 0.2 + f := fuzz.New().NilChance(fuzzNilChances).Funcs( + func(e *v1.WindowsSecurityContextOptions, c fuzz.Continue) { + *e = v1.WindowsSecurityContextOptions{} + }, + func(e *v1.Capability, c fuzz.Continue) { + caps := capability.List() + n := c.Intn(len(caps)) + *e = v1.Capability(strings.ToUpper(caps[n].String())) + }, + func(e *[]v1.Capability, c fuzz.Continue) { + if r := c.Intn(fuzzCapabilityAllOrEmptyChances); r == 0 { + *e = []v1.Capability{"ALL"} + } else if r == 1 { + *e = []v1.Capability{} + } else { + length := c.Intn(fuzzCapabilityRandomMaxLen) + for i := 0; i < length; i++ { + var cap v1.Capability + c.Fuzz(&cap) + *e = append(*e, cap) + } + } + }, + // for runAsUser and runAsGroup value that must be between 0 and 2147483647, inclusive + intMutator, + seccompMutator, + ) + securityContext := &v1.SecurityContext{} + f.Fuzz(securityContext) + + // cannot set `allowPrivilegeEscalation` to false and `privileged` to true + // there are more interdependences, like CAP_SYS_ADMIN imply privileged but + // maybe it's too rare to be interesting + if securityContext.AllowPrivilegeEscalation != nil && !*securityContext.AllowPrivilegeEscalation { + b := false + securityContext.Privileged = &b + } + + *sc = securityContext +} + +func CopyToInitAndFuzz(spec *v1.PodSpec) { + if len(spec.Containers) > 0 { + spec.InitContainers = append(spec.InitContainers, spec.Containers[0]) + spec.InitContainers[0].Name += "-init" + FuzzContainerSecurityContext(&spec.InitContainers[0].SecurityContext) + } +} + func Generate(opts GenerateOpts) *v1.Pod { pod := &v1.Pod{ TypeMeta: metav1.TypeMeta{ diff --git a/pkg/kgen/sysctls.go b/pkg/kgen/sysctls.go new file mode 100644 index 0000000..d2d7442 --- /dev/null +++ b/pkg/kgen/sysctls.go @@ -0,0 +1,1190 @@ +package kgen + +// list retrieved via `sudo sysctl -a | awk '{ print $1 }'` +// on Linux 5.4.0-126-generic #142-Ubuntu SMP Fri Aug 26 12:12:57 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux +var sysctls = [...]string{ + "abi.vsyscall32", + "debug.exception-trace", + "debug.kprobes-optimization", + "dev.cdrom.autoclose", + "dev.cdrom.autoeject", + "dev.cdrom.check_media", + "dev.cdrom.debug", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.info", + "dev.cdrom.lock", + "dev.hpet.max-user-freq", + "dev.raid.speed_limit_max", + "dev.raid.speed_limit_min", + "dev.scsi.logging_level", + "dev.tty.ldisc_autoload", + "fs.aio-max-nr", + "fs.aio-nr", + "fs.binfmt_misc.python3/8", + "fs.binfmt_misc.python3/8", + "fs.binfmt_misc.python3/8", + "fs.binfmt_misc.python3/8", + "fs.binfmt_misc.python3/8", + "fs.binfmt_misc.llvm-12-runtime/binfmt", + "fs.binfmt_misc.llvm-12-runtime/binfmt", + "fs.binfmt_misc.llvm-12-runtime/binfmt", + "fs.binfmt_misc.llvm-12-runtime/binfmt", + "fs.binfmt_misc.llvm-12-runtime/binfmt", + "fs.binfmt_misc.status", + "fs.dentry-state", + "fs.dir-notify-enable", + "fs.epoll.max_user_watches", + "fs.file-max", + "fs.file-nr", + "fs.inode-nr", + "fs.inode-state", + "fs.inotify.max_queued_events", + "fs.inotify.max_user_instances", + "fs.inotify.max_user_watches", + "fs.lease-break-time", + "fs.leases-enable", + "fs.mount-max", + "fs.mqueue.msg_default", + "fs.mqueue.msg_max", + "fs.mqueue.msgsize_default", + "fs.mqueue.msgsize_max", + "fs.mqueue.queues_max", + "fs.nr_open", + "fs.overflowgid", + "fs.overflowuid", + "fs.pipe-max-size", + "fs.pipe-user-pages-hard", + "fs.pipe-user-pages-soft", + "fs.protected_fifos", + "fs.protected_hardlinks", + "fs.protected_regular", + "fs.protected_symlinks", + "fs.quota.allocated_dquots", + "fs.quota.cache_hits", + "fs.quota.drops", + "fs.quota.free_dquots", + "fs.quota.lookups", + "fs.quota.reads", + "fs.quota.syncs", + "fs.quota.writes", + "fs.suid_dumpable", + "fs.verity.require_signatures", + "fs.xfs.error_level", + "fs.xfs.filestream_centisecs", + "fs.xfs.inherit_noatime", + "fs.xfs.inherit_nodefrag", + "fs.xfs.inherit_nodump", + "fs.xfs.inherit_nosymlinks", + "fs.xfs.inherit_sync", + "fs.xfs.irix_sgid_inherit", + "fs.xfs.irix_symlink_mode", + "fs.xfs.panic_mask", + "fs.xfs.rotorstep", + "fs.xfs.speculative_cow_prealloc_lifetime", + "fs.xfs.speculative_prealloc_lifetime", + "fs.xfs.stats_clear", + "fs.xfs.xfssyncd_centisecs", + "kernel.acct", + "kernel.acpi_video_flags", + "kernel.auto_msgmni", + "kernel.bootloader_type", + "kernel.bootloader_version", + "kernel.bpf_stats_enabled", + "kernel.cad_pid", + "kernel.cap_last_cap", + "kernel.core_pattern", + "kernel.core_pipe_limit", + "kernel.core_uses_pid", + "kernel.ctrl-alt-del", + "kernel.dmesg_restrict", + "kernel.domainname", + "kernel.firmware_config.force_sysfs_fallback", + "kernel.firmware_config.ignore_sysfs_fallback", + "kernel.ftrace_dump_on_oops", + "kernel.ftrace_enabled", + "kernel.hardlockup_all_cpu_backtrace", + "kernel.hardlockup_panic", + "kernel.hostname", + "kernel.hotplug", + "kernel.hung_task_check_count", + "kernel.hung_task_check_interval_secs", + "kernel.hung_task_panic", + "kernel.hung_task_timeout_secs", + "kernel.hung_task_warnings", + "kernel.io_delay_type", + "kernel.kexec_load_disabled", + "kernel.keys.gc_delay", + "kernel.keys.maxbytes", + "kernel.keys.maxkeys", + "kernel.keys.persistent_keyring_expiry", + "kernel.keys.root_maxbytes", + "kernel.keys.root_maxkeys", + "kernel.kptr_restrict", + "kernel.max_lock_depth", + "kernel.modprobe", + "kernel.modules_disabled", + "kernel.msg_next_id", + "kernel.msgmax", + "kernel.msgmnb", + "kernel.msgmni", + "kernel.ngroups_max", + "kernel.nmi_watchdog", + "kernel.ns_last_pid", + "kernel.numa_balancing", + "kernel.numa_balancing_scan_delay_ms", + "kernel.numa_balancing_scan_period_max_ms", + "kernel.numa_balancing_scan_period_min_ms", + "kernel.numa_balancing_scan_size_mb", + "kernel.osrelease", + "kernel.ostype", + "kernel.overflowgid", + "kernel.overflowuid", + "kernel.panic", + "kernel.panic_on_io_nmi", + "kernel.panic_on_oops", + "kernel.panic_on_rcu_stall", + "kernel.panic_on_unrecovered_nmi", + "kernel.panic_on_warn", + "kernel.panic_print", + "kernel.perf_cpu_time_max_percent", + "kernel.perf_event_max_contexts_per_stack", + "kernel.perf_event_max_sample_rate", + "kernel.perf_event_max_stack", + "kernel.perf_event_mlock_kb", + "kernel.perf_event_paranoid", + "kernel.pid_max", + "kernel.poweroff_cmd", + "kernel.print-fatal-signals", + "kernel.printk", + "kernel.printk_delay", + "kernel.printk_devkmsg", + "kernel.printk_ratelimit", + "kernel.printk_ratelimit_burst", + "kernel.pty.max", + "kernel.pty.nr", + "kernel.pty.reserve", + "kernel.random.boot_id", + "kernel.random.entropy_avail", + "kernel.random.poolsize", + "kernel.random.urandom_min_reseed_secs", + "kernel.random.uuid", + "kernel.random.write_wakeup_threshold", + "kernel.randomize_va_space", + "kernel.real-root-dev", + "kernel.sched_autogroup_enabled", + "kernel.sched_cfs_bandwidth_slice_us", + "kernel.sched_child_runs_first", + "kernel.sched_domain.cpu0.domain0.busy_factor", + "kernel.sched_domain.cpu0.domain0.cache_nice_tries", + "kernel.sched_domain.cpu0.domain0.flags", + "kernel.sched_domain.cpu0.domain0.imbalance_pct", + "kernel.sched_domain.cpu0.domain0.max_interval", + "kernel.sched_domain.cpu0.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu0.domain0.min_interval", + "kernel.sched_domain.cpu0.domain0.name", + "kernel.sched_domain.cpu1.domain0.busy_factor", + "kernel.sched_domain.cpu1.domain0.cache_nice_tries", + "kernel.sched_domain.cpu1.domain0.flags", + "kernel.sched_domain.cpu1.domain0.imbalance_pct", + "kernel.sched_domain.cpu1.domain0.max_interval", + "kernel.sched_domain.cpu1.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu1.domain0.min_interval", + "kernel.sched_domain.cpu1.domain0.name", + "kernel.sched_domain.cpu10.domain0.busy_factor", + "kernel.sched_domain.cpu10.domain0.cache_nice_tries", + "kernel.sched_domain.cpu10.domain0.flags", + "kernel.sched_domain.cpu10.domain0.imbalance_pct", + "kernel.sched_domain.cpu10.domain0.max_interval", + "kernel.sched_domain.cpu10.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu10.domain0.min_interval", + "kernel.sched_domain.cpu10.domain0.name", + "kernel.sched_domain.cpu11.domain0.busy_factor", + "kernel.sched_domain.cpu11.domain0.cache_nice_tries", + "kernel.sched_domain.cpu11.domain0.flags", + "kernel.sched_domain.cpu11.domain0.imbalance_pct", + "kernel.sched_domain.cpu11.domain0.max_interval", + "kernel.sched_domain.cpu11.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu11.domain0.min_interval", + "kernel.sched_domain.cpu11.domain0.name", + "kernel.sched_domain.cpu12.domain0.busy_factor", + "kernel.sched_domain.cpu12.domain0.cache_nice_tries", + "kernel.sched_domain.cpu12.domain0.flags", + "kernel.sched_domain.cpu12.domain0.imbalance_pct", + "kernel.sched_domain.cpu12.domain0.max_interval", + "kernel.sched_domain.cpu12.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu12.domain0.min_interval", + "kernel.sched_domain.cpu12.domain0.name", + "kernel.sched_domain.cpu13.domain0.busy_factor", + "kernel.sched_domain.cpu13.domain0.cache_nice_tries", + "kernel.sched_domain.cpu13.domain0.flags", + "kernel.sched_domain.cpu13.domain0.imbalance_pct", + "kernel.sched_domain.cpu13.domain0.max_interval", + "kernel.sched_domain.cpu13.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu13.domain0.min_interval", + "kernel.sched_domain.cpu13.domain0.name", + "kernel.sched_domain.cpu14.domain0.busy_factor", + "kernel.sched_domain.cpu14.domain0.cache_nice_tries", + "kernel.sched_domain.cpu14.domain0.flags", + "kernel.sched_domain.cpu14.domain0.imbalance_pct", + "kernel.sched_domain.cpu14.domain0.max_interval", + "kernel.sched_domain.cpu14.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu14.domain0.min_interval", + "kernel.sched_domain.cpu14.domain0.name", + "kernel.sched_domain.cpu15.domain0.busy_factor", + "kernel.sched_domain.cpu15.domain0.cache_nice_tries", + "kernel.sched_domain.cpu15.domain0.flags", + "kernel.sched_domain.cpu15.domain0.imbalance_pct", + "kernel.sched_domain.cpu15.domain0.max_interval", + "kernel.sched_domain.cpu15.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu15.domain0.min_interval", + "kernel.sched_domain.cpu15.domain0.name", + "kernel.sched_domain.cpu16.domain0.busy_factor", + "kernel.sched_domain.cpu16.domain0.cache_nice_tries", + "kernel.sched_domain.cpu16.domain0.flags", + "kernel.sched_domain.cpu16.domain0.imbalance_pct", + "kernel.sched_domain.cpu16.domain0.max_interval", + "kernel.sched_domain.cpu16.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu16.domain0.min_interval", + "kernel.sched_domain.cpu16.domain0.name", + "kernel.sched_domain.cpu17.domain0.busy_factor", + "kernel.sched_domain.cpu17.domain0.cache_nice_tries", + "kernel.sched_domain.cpu17.domain0.flags", + "kernel.sched_domain.cpu17.domain0.imbalance_pct", + "kernel.sched_domain.cpu17.domain0.max_interval", + "kernel.sched_domain.cpu17.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu17.domain0.min_interval", + "kernel.sched_domain.cpu17.domain0.name", + "kernel.sched_domain.cpu18.domain0.busy_factor", + "kernel.sched_domain.cpu18.domain0.cache_nice_tries", + "kernel.sched_domain.cpu18.domain0.flags", + "kernel.sched_domain.cpu18.domain0.imbalance_pct", + "kernel.sched_domain.cpu18.domain0.max_interval", + "kernel.sched_domain.cpu18.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu18.domain0.min_interval", + "kernel.sched_domain.cpu18.domain0.name", + "kernel.sched_domain.cpu19.domain0.busy_factor", + "kernel.sched_domain.cpu19.domain0.cache_nice_tries", + "kernel.sched_domain.cpu19.domain0.flags", + "kernel.sched_domain.cpu19.domain0.imbalance_pct", + "kernel.sched_domain.cpu19.domain0.max_interval", + "kernel.sched_domain.cpu19.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu19.domain0.min_interval", + "kernel.sched_domain.cpu19.domain0.name", + "kernel.sched_domain.cpu2.domain0.busy_factor", + "kernel.sched_domain.cpu2.domain0.cache_nice_tries", + "kernel.sched_domain.cpu2.domain0.flags", + "kernel.sched_domain.cpu2.domain0.imbalance_pct", + "kernel.sched_domain.cpu2.domain0.max_interval", + "kernel.sched_domain.cpu2.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu2.domain0.min_interval", + "kernel.sched_domain.cpu2.domain0.name", + "kernel.sched_domain.cpu20.domain0.busy_factor", + "kernel.sched_domain.cpu20.domain0.cache_nice_tries", + "kernel.sched_domain.cpu20.domain0.flags", + "kernel.sched_domain.cpu20.domain0.imbalance_pct", + "kernel.sched_domain.cpu20.domain0.max_interval", + "kernel.sched_domain.cpu20.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu20.domain0.min_interval", + "kernel.sched_domain.cpu20.domain0.name", + "kernel.sched_domain.cpu21.domain0.busy_factor", + "kernel.sched_domain.cpu21.domain0.cache_nice_tries", + "kernel.sched_domain.cpu21.domain0.flags", + "kernel.sched_domain.cpu21.domain0.imbalance_pct", + "kernel.sched_domain.cpu21.domain0.max_interval", + "kernel.sched_domain.cpu21.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu21.domain0.min_interval", + "kernel.sched_domain.cpu21.domain0.name", + "kernel.sched_domain.cpu22.domain0.busy_factor", + "kernel.sched_domain.cpu22.domain0.cache_nice_tries", + "kernel.sched_domain.cpu22.domain0.flags", + "kernel.sched_domain.cpu22.domain0.imbalance_pct", + "kernel.sched_domain.cpu22.domain0.max_interval", + "kernel.sched_domain.cpu22.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu22.domain0.min_interval", + "kernel.sched_domain.cpu22.domain0.name", + "kernel.sched_domain.cpu23.domain0.busy_factor", + "kernel.sched_domain.cpu23.domain0.cache_nice_tries", + "kernel.sched_domain.cpu23.domain0.flags", + "kernel.sched_domain.cpu23.domain0.imbalance_pct", + "kernel.sched_domain.cpu23.domain0.max_interval", + "kernel.sched_domain.cpu23.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu23.domain0.min_interval", + "kernel.sched_domain.cpu23.domain0.name", + "kernel.sched_domain.cpu24.domain0.busy_factor", + "kernel.sched_domain.cpu24.domain0.cache_nice_tries", + "kernel.sched_domain.cpu24.domain0.flags", + "kernel.sched_domain.cpu24.domain0.imbalance_pct", + "kernel.sched_domain.cpu24.domain0.max_interval", + "kernel.sched_domain.cpu24.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu24.domain0.min_interval", + "kernel.sched_domain.cpu24.domain0.name", + "kernel.sched_domain.cpu25.domain0.busy_factor", + "kernel.sched_domain.cpu25.domain0.cache_nice_tries", + "kernel.sched_domain.cpu25.domain0.flags", + "kernel.sched_domain.cpu25.domain0.imbalance_pct", + "kernel.sched_domain.cpu25.domain0.max_interval", + "kernel.sched_domain.cpu25.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu25.domain0.min_interval", + "kernel.sched_domain.cpu25.domain0.name", + "kernel.sched_domain.cpu26.domain0.busy_factor", + "kernel.sched_domain.cpu26.domain0.cache_nice_tries", + "kernel.sched_domain.cpu26.domain0.flags", + "kernel.sched_domain.cpu26.domain0.imbalance_pct", + "kernel.sched_domain.cpu26.domain0.max_interval", + "kernel.sched_domain.cpu26.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu26.domain0.min_interval", + "kernel.sched_domain.cpu26.domain0.name", + "kernel.sched_domain.cpu27.domain0.busy_factor", + "kernel.sched_domain.cpu27.domain0.cache_nice_tries", + "kernel.sched_domain.cpu27.domain0.flags", + "kernel.sched_domain.cpu27.domain0.imbalance_pct", + "kernel.sched_domain.cpu27.domain0.max_interval", + "kernel.sched_domain.cpu27.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu27.domain0.min_interval", + "kernel.sched_domain.cpu27.domain0.name", + "kernel.sched_domain.cpu28.domain0.busy_factor", + "kernel.sched_domain.cpu28.domain0.cache_nice_tries", + "kernel.sched_domain.cpu28.domain0.flags", + "kernel.sched_domain.cpu28.domain0.imbalance_pct", + "kernel.sched_domain.cpu28.domain0.max_interval", + "kernel.sched_domain.cpu28.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu28.domain0.min_interval", + "kernel.sched_domain.cpu28.domain0.name", + "kernel.sched_domain.cpu29.domain0.busy_factor", + "kernel.sched_domain.cpu29.domain0.cache_nice_tries", + "kernel.sched_domain.cpu29.domain0.flags", + "kernel.sched_domain.cpu29.domain0.imbalance_pct", + "kernel.sched_domain.cpu29.domain0.max_interval", + "kernel.sched_domain.cpu29.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu29.domain0.min_interval", + "kernel.sched_domain.cpu29.domain0.name", + "kernel.sched_domain.cpu3.domain0.busy_factor", + "kernel.sched_domain.cpu3.domain0.cache_nice_tries", + "kernel.sched_domain.cpu3.domain0.flags", + "kernel.sched_domain.cpu3.domain0.imbalance_pct", + "kernel.sched_domain.cpu3.domain0.max_interval", + "kernel.sched_domain.cpu3.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu3.domain0.min_interval", + "kernel.sched_domain.cpu3.domain0.name", + "kernel.sched_domain.cpu30.domain0.busy_factor", + "kernel.sched_domain.cpu30.domain0.cache_nice_tries", + "kernel.sched_domain.cpu30.domain0.flags", + "kernel.sched_domain.cpu30.domain0.imbalance_pct", + "kernel.sched_domain.cpu30.domain0.max_interval", + "kernel.sched_domain.cpu30.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu30.domain0.min_interval", + "kernel.sched_domain.cpu30.domain0.name", + "kernel.sched_domain.cpu31.domain0.busy_factor", + "kernel.sched_domain.cpu31.domain0.cache_nice_tries", + "kernel.sched_domain.cpu31.domain0.flags", + "kernel.sched_domain.cpu31.domain0.imbalance_pct", + "kernel.sched_domain.cpu31.domain0.max_interval", + "kernel.sched_domain.cpu31.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu31.domain0.min_interval", + "kernel.sched_domain.cpu31.domain0.name", + "kernel.sched_domain.cpu4.domain0.busy_factor", + "kernel.sched_domain.cpu4.domain0.cache_nice_tries", + "kernel.sched_domain.cpu4.domain0.flags", + "kernel.sched_domain.cpu4.domain0.imbalance_pct", + "kernel.sched_domain.cpu4.domain0.max_interval", + "kernel.sched_domain.cpu4.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu4.domain0.min_interval", + "kernel.sched_domain.cpu4.domain0.name", + "kernel.sched_domain.cpu5.domain0.busy_factor", + "kernel.sched_domain.cpu5.domain0.cache_nice_tries", + "kernel.sched_domain.cpu5.domain0.flags", + "kernel.sched_domain.cpu5.domain0.imbalance_pct", + "kernel.sched_domain.cpu5.domain0.max_interval", + "kernel.sched_domain.cpu5.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu5.domain0.min_interval", + "kernel.sched_domain.cpu5.domain0.name", + "kernel.sched_domain.cpu6.domain0.busy_factor", + "kernel.sched_domain.cpu6.domain0.cache_nice_tries", + "kernel.sched_domain.cpu6.domain0.flags", + "kernel.sched_domain.cpu6.domain0.imbalance_pct", + "kernel.sched_domain.cpu6.domain0.max_interval", + "kernel.sched_domain.cpu6.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu6.domain0.min_interval", + "kernel.sched_domain.cpu6.domain0.name", + "kernel.sched_domain.cpu7.domain0.busy_factor", + "kernel.sched_domain.cpu7.domain0.cache_nice_tries", + "kernel.sched_domain.cpu7.domain0.flags", + "kernel.sched_domain.cpu7.domain0.imbalance_pct", + "kernel.sched_domain.cpu7.domain0.max_interval", + "kernel.sched_domain.cpu7.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu7.domain0.min_interval", + "kernel.sched_domain.cpu7.domain0.name", + "kernel.sched_domain.cpu8.domain0.busy_factor", + "kernel.sched_domain.cpu8.domain0.cache_nice_tries", + "kernel.sched_domain.cpu8.domain0.flags", + "kernel.sched_domain.cpu8.domain0.imbalance_pct", + "kernel.sched_domain.cpu8.domain0.max_interval", + "kernel.sched_domain.cpu8.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu8.domain0.min_interval", + "kernel.sched_domain.cpu8.domain0.name", + "kernel.sched_domain.cpu9.domain0.busy_factor", + "kernel.sched_domain.cpu9.domain0.cache_nice_tries", + "kernel.sched_domain.cpu9.domain0.flags", + "kernel.sched_domain.cpu9.domain0.imbalance_pct", + "kernel.sched_domain.cpu9.domain0.max_interval", + "kernel.sched_domain.cpu9.domain0.max_newidle_lb_cost", + "kernel.sched_domain.cpu9.domain0.min_interval", + "kernel.sched_domain.cpu9.domain0.name", + "kernel.sched_latency_ns", + "kernel.sched_migration_cost_ns", + "kernel.sched_min_granularity_ns", + "kernel.sched_nr_migrate", + "kernel.sched_rr_timeslice_ms", + "kernel.sched_rt_period_us", + "kernel.sched_rt_runtime_us", + "kernel.sched_schedstats", + "kernel.sched_tunable_scaling", + "kernel.sched_util_clamp_max", + "kernel.sched_util_clamp_min", + "kernel.sched_wakeup_granularity_ns", + "kernel.seccomp.actions_avail", + "kernel.seccomp.actions_logged", + "kernel.sem", + "kernel.sem_next_id", + "kernel.sg-big-buff", + "kernel.shm_next_id", + "kernel.shm_rmid_forced", + "kernel.shmall", + "kernel.shmmax", + "kernel.shmmni", + "kernel.soft_watchdog", + "kernel.softlockup_all_cpu_backtrace", + "kernel.softlockup_panic", + "kernel.stack_tracer_enabled", + "kernel.sysctl_writes_strict", + "kernel.sysrq", + "kernel.tainted", + "kernel.threads-max", + "kernel.timer_migration", + "kernel.traceoff_on_warning", + "kernel.tracepoint_printk", + "kernel.unknown_nmi_panic", + "kernel.unprivileged_bpf_disabled", + "kernel.unprivileged_userns_apparmor_policy", + "kernel.unprivileged_userns_clone", + "kernel.usermodehelper.bset", + "kernel.usermodehelper.inheritable", + "kernel.version", + "kernel.watchdog", + "kernel.watchdog_cpumask", + "kernel.watchdog_thresh", + "kernel.yama.ptrace_scope", + "net.core.bpf_jit_enable", + "net.core.bpf_jit_harden", + "net.core.bpf_jit_kallsyms", + "net.core.bpf_jit_limit", + "net.core.busy_poll", + "net.core.busy_read", + "net.core.default_qdisc", + "net.core.dev_weight", + "net.core.dev_weight_rx_bias", + "net.core.dev_weight_tx_bias", + "net.core.devconf_inherit_init_net", + "net.core.fb_tunnels_only_for_init_net", + "net.core.flow_limit_cpu_bitmap", + "net.core.flow_limit_table_len", + "net.core.gro_normal_batch", + "net.core.high_order_alloc_disable", + "net.core.max_skb_frags", + "net.core.message_burst", + "net.core.message_cost", + "net.core.netdev_budget", + "net.core.netdev_budget_usecs", + "net.core.netdev_max_backlog", + "net.core.netdev_rss_key", + "net.core.netdev_tstamp_prequeue", + "net.core.optmem_max", + "net.core.rmem_default", + "net.core.rmem_max", + "net.core.rps_sock_flow_entries", + "net.core.somaxconn", + "net.core.tstamp_allow_data", + "net.core.warnings", + "net.core.wmem_default", + "net.core.wmem_max", + "net.core.xfrm_acq_expires", + "net.core.xfrm_aevent_etime", + "net.core.xfrm_aevent_rseqth", + "net.core.xfrm_larval_drop", + "net.ipv4.cipso_cache_bucket_size", + "net.ipv4.cipso_cache_enable", + "net.ipv4.cipso_rbm_optfmt", + "net.ipv4.cipso_rbm_strictvalid", + "net.ipv4.conf.all.accept_local", + "net.ipv4.conf.all.accept_redirects", + "net.ipv4.conf.all.accept_source_route", + "net.ipv4.conf.all.arp_accept", + "net.ipv4.conf.all.arp_announce", + "net.ipv4.conf.all.arp_filter", + "net.ipv4.conf.all.arp_ignore", + "net.ipv4.conf.all.arp_notify", + "net.ipv4.conf.all.bc_forwarding", + "net.ipv4.conf.all.bootp_relay", + "net.ipv4.conf.all.disable_policy", + "net.ipv4.conf.all.disable_xfrm", + "net.ipv4.conf.all.drop_gratuitous_arp", + "net.ipv4.conf.all.drop_unicast_in_l2_multicast", + "net.ipv4.conf.all.force_igmp_version", + "net.ipv4.conf.all.forwarding", + "net.ipv4.conf.all.igmpv2_unsolicited_report_interval", + "net.ipv4.conf.all.igmpv3_unsolicited_report_interval", + "net.ipv4.conf.all.ignore_routes_with_linkdown", + "net.ipv4.conf.all.log_martians", + "net.ipv4.conf.all.mc_forwarding", + "net.ipv4.conf.all.medium_id", + "net.ipv4.conf.all.promote_secondaries", + "net.ipv4.conf.all.proxy_arp", + "net.ipv4.conf.all.proxy_arp_pvlan", + "net.ipv4.conf.all.route_localnet", + "net.ipv4.conf.all.rp_filter", + "net.ipv4.conf.all.secure_redirects", + "net.ipv4.conf.all.send_redirects", + "net.ipv4.conf.all.shared_media", + "net.ipv4.conf.all.src_valid_mark", + "net.ipv4.conf.all.tag", + "net.ipv4.conf.default.accept_local", + "net.ipv4.conf.default.accept_redirects", + "net.ipv4.conf.default.accept_source_route", + "net.ipv4.conf.default.arp_accept", + "net.ipv4.conf.default.arp_announce", + "net.ipv4.conf.default.arp_filter", + "net.ipv4.conf.default.arp_ignore", + "net.ipv4.conf.default.arp_notify", + "net.ipv4.conf.default.bc_forwarding", + "net.ipv4.conf.default.bootp_relay", + "net.ipv4.conf.default.disable_policy", + "net.ipv4.conf.default.disable_xfrm", + "net.ipv4.conf.default.drop_gratuitous_arp", + "net.ipv4.conf.default.drop_unicast_in_l2_multicast", + "net.ipv4.conf.default.force_igmp_version", + "net.ipv4.conf.default.forwarding", + "net.ipv4.conf.default.igmpv2_unsolicited_report_interval", + "net.ipv4.conf.default.igmpv3_unsolicited_report_interval", + "net.ipv4.conf.default.ignore_routes_with_linkdown", + "net.ipv4.conf.default.log_martians", + "net.ipv4.conf.default.mc_forwarding", + "net.ipv4.conf.default.medium_id", + "net.ipv4.conf.default.promote_secondaries", + "net.ipv4.conf.default.proxy_arp", + "net.ipv4.conf.default.proxy_arp_pvlan", + "net.ipv4.conf.default.route_localnet", + "net.ipv4.conf.default.rp_filter", + "net.ipv4.conf.default.secure_redirects", + "net.ipv4.conf.default.send_redirects", + "net.ipv4.conf.default.shared_media", + "net.ipv4.conf.default.src_valid_mark", + "net.ipv4.conf.default.tag", + "net.ipv4.conf.enp1s0.accept_local", + "net.ipv4.conf.enp1s0.accept_redirects", + "net.ipv4.conf.enp1s0.accept_source_route", + "net.ipv4.conf.enp1s0.arp_accept", + "net.ipv4.conf.enp1s0.arp_announce", + "net.ipv4.conf.enp1s0.arp_filter", + "net.ipv4.conf.enp1s0.arp_ignore", + "net.ipv4.conf.enp1s0.arp_notify", + "net.ipv4.conf.enp1s0.bc_forwarding", + "net.ipv4.conf.enp1s0.bootp_relay", + "net.ipv4.conf.enp1s0.disable_policy", + "net.ipv4.conf.enp1s0.disable_xfrm", + "net.ipv4.conf.enp1s0.drop_gratuitous_arp", + "net.ipv4.conf.enp1s0.drop_unicast_in_l2_multicast", + "net.ipv4.conf.enp1s0.force_igmp_version", + "net.ipv4.conf.enp1s0.forwarding", + "net.ipv4.conf.enp1s0.igmpv2_unsolicited_report_interval", + "net.ipv4.conf.enp1s0.igmpv3_unsolicited_report_interval", + "net.ipv4.conf.enp1s0.ignore_routes_with_linkdown", + "net.ipv4.conf.enp1s0.log_martians", + "net.ipv4.conf.enp1s0.mc_forwarding", + "net.ipv4.conf.enp1s0.medium_id", + "net.ipv4.conf.enp1s0.promote_secondaries", + "net.ipv4.conf.enp1s0.proxy_arp", + "net.ipv4.conf.enp1s0.proxy_arp_pvlan", + "net.ipv4.conf.enp1s0.route_localnet", + "net.ipv4.conf.enp1s0.rp_filter", + "net.ipv4.conf.enp1s0.secure_redirects", + "net.ipv4.conf.enp1s0.send_redirects", + "net.ipv4.conf.enp1s0.shared_media", + "net.ipv4.conf.enp1s0.src_valid_mark", + "net.ipv4.conf.enp1s0.tag", + "net.ipv4.conf.lo.accept_local", + "net.ipv4.conf.lo.accept_redirects", + "net.ipv4.conf.lo.accept_source_route", + "net.ipv4.conf.lo.arp_accept", + "net.ipv4.conf.lo.arp_announce", + "net.ipv4.conf.lo.arp_filter", + "net.ipv4.conf.lo.arp_ignore", + "net.ipv4.conf.lo.arp_notify", + "net.ipv4.conf.lo.bc_forwarding", + "net.ipv4.conf.lo.bootp_relay", + "net.ipv4.conf.lo.disable_policy", + "net.ipv4.conf.lo.disable_xfrm", + "net.ipv4.conf.lo.drop_gratuitous_arp", + "net.ipv4.conf.lo.drop_unicast_in_l2_multicast", + "net.ipv4.conf.lo.force_igmp_version", + "net.ipv4.conf.lo.forwarding", + "net.ipv4.conf.lo.igmpv2_unsolicited_report_interval", + "net.ipv4.conf.lo.igmpv3_unsolicited_report_interval", + "net.ipv4.conf.lo.ignore_routes_with_linkdown", + "net.ipv4.conf.lo.log_martians", + "net.ipv4.conf.lo.mc_forwarding", + "net.ipv4.conf.lo.medium_id", + "net.ipv4.conf.lo.promote_secondaries", + "net.ipv4.conf.lo.proxy_arp", + "net.ipv4.conf.lo.proxy_arp_pvlan", + "net.ipv4.conf.lo.route_localnet", + "net.ipv4.conf.lo.rp_filter", + "net.ipv4.conf.lo.secure_redirects", + "net.ipv4.conf.lo.send_redirects", + "net.ipv4.conf.lo.shared_media", + "net.ipv4.conf.lo.src_valid_mark", + "net.ipv4.conf.lo.tag", + "net.ipv4.fib_multipath_hash_policy", + "net.ipv4.fib_multipath_use_neigh", + "net.ipv4.fib_sync_mem", + "net.ipv4.fwmark_reflect", + "net.ipv4.icmp_echo_ignore_all", + "net.ipv4.icmp_echo_ignore_broadcasts", + "net.ipv4.icmp_errors_use_inbound_ifaddr", + "net.ipv4.icmp_ignore_bogus_error_responses", + "net.ipv4.icmp_msgs_burst", + "net.ipv4.icmp_msgs_per_sec", + "net.ipv4.icmp_ratelimit", + "net.ipv4.icmp_ratemask", + "net.ipv4.igmp_link_local_mcast_reports", + "net.ipv4.igmp_max_memberships", + "net.ipv4.igmp_max_msf", + "net.ipv4.igmp_qrv", + "net.ipv4.inet_peer_maxttl", + "net.ipv4.inet_peer_minttl", + "net.ipv4.inet_peer_threshold", + "net.ipv4.ip_default_ttl", + "net.ipv4.ip_dynaddr", + "net.ipv4.ip_early_demux", + "net.ipv4.ip_forward", + "net.ipv4.ip_forward_update_priority", + "net.ipv4.ip_forward_use_pmtu", + "net.ipv4.ip_local_port_range", + "net.ipv4.ip_local_reserved_ports", + "net.ipv4.ip_no_pmtu_disc", + "net.ipv4.ip_nonlocal_bind", + "net.ipv4.ip_unprivileged_port_start", + "net.ipv4.ipfrag_high_thresh", + "net.ipv4.ipfrag_low_thresh", + "net.ipv4.ipfrag_max_dist", + "net.ipv4.ipfrag_secret_interval", + "net.ipv4.ipfrag_time", + "net.ipv4.neigh.default.anycast_delay", + "net.ipv4.neigh.default.app_solicit", + "net.ipv4.neigh.default.base_reachable_time_ms", + "net.ipv4.neigh.default.delay_first_probe_time", + "net.ipv4.neigh.default.gc_interval", + "net.ipv4.neigh.default.gc_stale_time", + "net.ipv4.neigh.default.gc_thresh1", + "net.ipv4.neigh.default.gc_thresh2", + "net.ipv4.neigh.default.gc_thresh3", + "net.ipv4.neigh.default.locktime", + "net.ipv4.neigh.default.mcast_resolicit", + "net.ipv4.neigh.default.mcast_solicit", + "net.ipv4.neigh.default.proxy_delay", + "net.ipv4.neigh.default.proxy_qlen", + "net.ipv4.neigh.default.retrans_time_ms", + "net.ipv4.neigh.default.ucast_solicit", + "net.ipv4.neigh.default.unres_qlen", + "net.ipv4.neigh.default.unres_qlen_bytes", + "net.ipv4.neigh.enp1s0.anycast_delay", + "net.ipv4.neigh.enp1s0.app_solicit", + "net.ipv4.neigh.enp1s0.base_reachable_time_ms", + "net.ipv4.neigh.enp1s0.delay_first_probe_time", + "net.ipv4.neigh.enp1s0.gc_stale_time", + "net.ipv4.neigh.enp1s0.locktime", + "net.ipv4.neigh.enp1s0.mcast_resolicit", + "net.ipv4.neigh.enp1s0.mcast_solicit", + "net.ipv4.neigh.enp1s0.proxy_delay", + "net.ipv4.neigh.enp1s0.proxy_qlen", + "net.ipv4.neigh.enp1s0.retrans_time_ms", + "net.ipv4.neigh.enp1s0.ucast_solicit", + "net.ipv4.neigh.enp1s0.unres_qlen", + "net.ipv4.neigh.enp1s0.unres_qlen_bytes", + "net.ipv4.neigh.lo.anycast_delay", + "net.ipv4.neigh.lo.app_solicit", + "net.ipv4.neigh.lo.base_reachable_time_ms", + "net.ipv4.neigh.lo.delay_first_probe_time", + "net.ipv4.neigh.lo.gc_stale_time", + "net.ipv4.neigh.lo.locktime", + "net.ipv4.neigh.lo.mcast_resolicit", + "net.ipv4.neigh.lo.mcast_solicit", + "net.ipv4.neigh.lo.proxy_delay", + "net.ipv4.neigh.lo.proxy_qlen", + "net.ipv4.neigh.lo.retrans_time_ms", + "net.ipv4.neigh.lo.ucast_solicit", + "net.ipv4.neigh.lo.unres_qlen", + "net.ipv4.neigh.lo.unres_qlen_bytes", + "net.ipv4.ping_group_range", + "net.ipv4.raw_l3mdev_accept", + "net.ipv4.route.error_burst", + "net.ipv4.route.error_cost", + "net.ipv4.route.gc_elasticity", + "net.ipv4.route.gc_interval", + "net.ipv4.route.gc_min_interval", + "net.ipv4.route.gc_min_interval_ms", + "net.ipv4.route.gc_thresh", + "net.ipv4.route.gc_timeout", + "net.ipv4.route.max_size", + "net.ipv4.route.min_adv_mss", + "net.ipv4.route.min_pmtu", + "net.ipv4.route.mtu_expires", + "net.ipv4.route.redirect_load", + "net.ipv4.route.redirect_number", + "net.ipv4.route.redirect_silence", + "net.ipv4.tcp_abort_on_overflow", + "net.ipv4.tcp_adv_win_scale", + "net.ipv4.tcp_allowed_congestion_control", + "net.ipv4.tcp_app_win", + "net.ipv4.tcp_autocorking", + "net.ipv4.tcp_available_congestion_control", + "net.ipv4.tcp_available_ulp", + "net.ipv4.tcp_base_mss", + "net.ipv4.tcp_challenge_ack_limit", + "net.ipv4.tcp_comp_sack_delay_ns", + "net.ipv4.tcp_comp_sack_nr", + "net.ipv4.tcp_congestion_control", + "net.ipv4.tcp_dsack", + "net.ipv4.tcp_early_demux", + "net.ipv4.tcp_early_retrans", + "net.ipv4.tcp_ecn", + "net.ipv4.tcp_ecn_fallback", + "net.ipv4.tcp_fack", + "net.ipv4.tcp_fastopen", + "net.ipv4.tcp_fastopen_blackhole_timeout_sec", + "net.ipv4.tcp_fastopen_key", + "net.ipv4.tcp_fin_timeout", + "net.ipv4.tcp_frto", + "net.ipv4.tcp_fwmark_accept", + "net.ipv4.tcp_invalid_ratelimit", + "net.ipv4.tcp_keepalive_intvl", + "net.ipv4.tcp_keepalive_probes", + "net.ipv4.tcp_keepalive_time", + "net.ipv4.tcp_l3mdev_accept", + "net.ipv4.tcp_limit_output_bytes", + "net.ipv4.tcp_low_latency", + "net.ipv4.tcp_max_orphans", + "net.ipv4.tcp_max_reordering", + "net.ipv4.tcp_max_syn_backlog", + "net.ipv4.tcp_max_tw_buckets", + "net.ipv4.tcp_mem", + "net.ipv4.tcp_min_rtt_wlen", + "net.ipv4.tcp_min_snd_mss", + "net.ipv4.tcp_min_tso_segs", + "net.ipv4.tcp_moderate_rcvbuf", + "net.ipv4.tcp_mtu_probe_floor", + "net.ipv4.tcp_mtu_probing", + "net.ipv4.tcp_no_metrics_save", + "net.ipv4.tcp_notsent_lowat", + "net.ipv4.tcp_orphan_retries", + "net.ipv4.tcp_pacing_ca_ratio", + "net.ipv4.tcp_pacing_ss_ratio", + "net.ipv4.tcp_probe_interval", + "net.ipv4.tcp_probe_threshold", + "net.ipv4.tcp_recovery", + "net.ipv4.tcp_reordering", + "net.ipv4.tcp_retrans_collapse", + "net.ipv4.tcp_retries1", + "net.ipv4.tcp_retries2", + "net.ipv4.tcp_rfc1337", + "net.ipv4.tcp_rmem", + "net.ipv4.tcp_rx_skb_cache", + "net.ipv4.tcp_sack", + "net.ipv4.tcp_slow_start_after_idle", + "net.ipv4.tcp_stdurg", + "net.ipv4.tcp_syn_retries", + "net.ipv4.tcp_synack_retries", + "net.ipv4.tcp_syncookies", + "net.ipv4.tcp_thin_linear_timeouts", + "net.ipv4.tcp_timestamps", + "net.ipv4.tcp_tso_win_divisor", + "net.ipv4.tcp_tw_reuse", + "net.ipv4.tcp_tx_skb_cache", + "net.ipv4.tcp_window_scaling", + "net.ipv4.tcp_wmem", + "net.ipv4.tcp_workaround_signed_windows", + "net.ipv4.udp_early_demux", + "net.ipv4.udp_l3mdev_accept", + "net.ipv4.udp_mem", + "net.ipv4.udp_rmem_min", + "net.ipv4.udp_wmem_min", + "net.ipv4.xfrm4_gc_thresh", + "net.ipv6.anycast_src_echo_reply", + "net.ipv6.auto_flowlabels", + "net.ipv6.bindv6only", + "net.ipv6.calipso_cache_bucket_size", + "net.ipv6.calipso_cache_enable", + "net.ipv6.conf.all.accept_dad", + "net.ipv6.conf.all.accept_ra", + "net.ipv6.conf.all.accept_ra_defrtr", + "net.ipv6.conf.all.accept_ra_from_local", + "net.ipv6.conf.all.accept_ra_min_hop_limit", + "net.ipv6.conf.all.accept_ra_mtu", + "net.ipv6.conf.all.accept_ra_pinfo", + "net.ipv6.conf.all.accept_ra_rt_info_max_plen", + "net.ipv6.conf.all.accept_ra_rt_info_min_plen", + "net.ipv6.conf.all.accept_ra_rtr_pref", + "net.ipv6.conf.all.accept_redirects", + "net.ipv6.conf.all.accept_source_route", + "net.ipv6.conf.all.addr_gen_mode", + "net.ipv6.conf.all.autoconf", + "net.ipv6.conf.all.dad_transmits", + "net.ipv6.conf.all.disable_ipv6", + "net.ipv6.conf.all.disable_policy", + "net.ipv6.conf.all.drop_unicast_in_l2_multicast", + "net.ipv6.conf.all.drop_unsolicited_na", + "net.ipv6.conf.all.enhanced_dad", + "net.ipv6.conf.all.force_mld_version", + "net.ipv6.conf.all.force_tllao", + "net.ipv6.conf.all.forwarding", + "net.ipv6.conf.all.hop_limit", + "net.ipv6.conf.all.ignore_routes_with_linkdown", + "net.ipv6.conf.all.keep_addr_on_down", + "net.ipv6.conf.all.max_addresses", + "net.ipv6.conf.all.max_desync_factor", + "net.ipv6.conf.all.mc_forwarding", + "net.ipv6.conf.all.mldv1_unsolicited_report_interval", + "net.ipv6.conf.all.mldv2_unsolicited_report_interval", + "net.ipv6.conf.all.mtu", + "net.ipv6.conf.all.ndisc_notify", + "net.ipv6.conf.all.ndisc_tclass", + "net.ipv6.conf.all.proxy_ndp", + "net.ipv6.conf.all.regen_max_retry", + "net.ipv6.conf.all.router_probe_interval", + "net.ipv6.conf.all.router_solicitation_delay", + "net.ipv6.conf.all.router_solicitation_interval", + "net.ipv6.conf.all.router_solicitation_max_interval", + "net.ipv6.conf.all.router_solicitations", + "net.ipv6.conf.all.seg6_enabled", + "net.ipv6.conf.all.seg6_require_hmac", + "net.ipv6.conf.all.suppress_frag_ndisc", + "net.ipv6.conf.all.temp_prefered_lft", //nolint:misspell + "net.ipv6.conf.all.temp_valid_lft", + "net.ipv6.conf.all.use_oif_addrs_only", + "net.ipv6.conf.all.use_tempaddr", + "net.ipv6.conf.default.accept_dad", + "net.ipv6.conf.default.accept_ra", + "net.ipv6.conf.default.accept_ra_defrtr", + "net.ipv6.conf.default.accept_ra_from_local", + "net.ipv6.conf.default.accept_ra_min_hop_limit", + "net.ipv6.conf.default.accept_ra_mtu", + "net.ipv6.conf.default.accept_ra_pinfo", + "net.ipv6.conf.default.accept_ra_rt_info_max_plen", + "net.ipv6.conf.default.accept_ra_rt_info_min_plen", + "net.ipv6.conf.default.accept_ra_rtr_pref", + "net.ipv6.conf.default.accept_redirects", + "net.ipv6.conf.default.accept_source_route", + "net.ipv6.conf.default.addr_gen_mode", + "net.ipv6.conf.default.autoconf", + "net.ipv6.conf.default.dad_transmits", + "net.ipv6.conf.default.disable_ipv6", + "net.ipv6.conf.default.disable_policy", + "net.ipv6.conf.default.drop_unicast_in_l2_multicast", + "net.ipv6.conf.default.drop_unsolicited_na", + "net.ipv6.conf.default.enhanced_dad", + "net.ipv6.conf.default.force_mld_version", + "net.ipv6.conf.default.force_tllao", + "net.ipv6.conf.default.forwarding", + "net.ipv6.conf.default.hop_limit", + "net.ipv6.conf.default.ignore_routes_with_linkdown", + "net.ipv6.conf.default.keep_addr_on_down", + "net.ipv6.conf.default.max_addresses", + "net.ipv6.conf.default.max_desync_factor", + "net.ipv6.conf.default.mc_forwarding", + "net.ipv6.conf.default.mldv1_unsolicited_report_interval", + "net.ipv6.conf.default.mldv2_unsolicited_report_interval", + "net.ipv6.conf.default.mtu", + "net.ipv6.conf.default.ndisc_notify", + "net.ipv6.conf.default.ndisc_tclass", + "net.ipv6.conf.default.proxy_ndp", + "net.ipv6.conf.default.regen_max_retry", + "net.ipv6.conf.default.router_probe_interval", + "net.ipv6.conf.default.router_solicitation_delay", + "net.ipv6.conf.default.router_solicitation_interval", + "net.ipv6.conf.default.router_solicitation_max_interval", + "net.ipv6.conf.default.router_solicitations", + "net.ipv6.conf.default.seg6_enabled", + "net.ipv6.conf.default.seg6_require_hmac", + "net.ipv6.conf.default.suppress_frag_ndisc", + "net.ipv6.conf.default.temp_prefered_lft", //nolint:misspell + "net.ipv6.conf.default.temp_valid_lft", + "net.ipv6.conf.default.use_oif_addrs_only", + "net.ipv6.conf.default.use_tempaddr", + "net.ipv6.conf.enp1s0.accept_dad", + "net.ipv6.conf.enp1s0.accept_ra", + "net.ipv6.conf.enp1s0.accept_ra_defrtr", + "net.ipv6.conf.enp1s0.accept_ra_from_local", + "net.ipv6.conf.enp1s0.accept_ra_min_hop_limit", + "net.ipv6.conf.enp1s0.accept_ra_mtu", + "net.ipv6.conf.enp1s0.accept_ra_pinfo", + "net.ipv6.conf.enp1s0.accept_ra_rt_info_max_plen", + "net.ipv6.conf.enp1s0.accept_ra_rt_info_min_plen", + "net.ipv6.conf.enp1s0.accept_ra_rtr_pref", + "net.ipv6.conf.enp1s0.accept_redirects", + "net.ipv6.conf.enp1s0.accept_source_route", + "net.ipv6.conf.enp1s0.addr_gen_mode", + "net.ipv6.conf.enp1s0.autoconf", + "net.ipv6.conf.enp1s0.dad_transmits", + "net.ipv6.conf.enp1s0.disable_ipv6", + "net.ipv6.conf.enp1s0.disable_policy", + "net.ipv6.conf.enp1s0.drop_unicast_in_l2_multicast", + "net.ipv6.conf.enp1s0.drop_unsolicited_na", + "net.ipv6.conf.enp1s0.enhanced_dad", + "net.ipv6.conf.enp1s0.force_mld_version", + "net.ipv6.conf.enp1s0.force_tllao", + "net.ipv6.conf.enp1s0.forwarding", + "net.ipv6.conf.enp1s0.hop_limit", + "net.ipv6.conf.enp1s0.ignore_routes_with_linkdown", + "net.ipv6.conf.enp1s0.keep_addr_on_down", + "net.ipv6.conf.enp1s0.max_addresses", + "net.ipv6.conf.enp1s0.max_desync_factor", + "net.ipv6.conf.enp1s0.mc_forwarding", + "net.ipv6.conf.enp1s0.mldv1_unsolicited_report_interval", + "net.ipv6.conf.enp1s0.mldv2_unsolicited_report_interval", + "net.ipv6.conf.enp1s0.mtu", + "net.ipv6.conf.enp1s0.ndisc_notify", + "net.ipv6.conf.enp1s0.ndisc_tclass", + "net.ipv6.conf.enp1s0.proxy_ndp", + "net.ipv6.conf.enp1s0.regen_max_retry", + "net.ipv6.conf.enp1s0.router_probe_interval", + "net.ipv6.conf.enp1s0.router_solicitation_delay", + "net.ipv6.conf.enp1s0.router_solicitation_interval", + "net.ipv6.conf.enp1s0.router_solicitation_max_interval", + "net.ipv6.conf.enp1s0.router_solicitations", + "net.ipv6.conf.enp1s0.seg6_enabled", + "net.ipv6.conf.enp1s0.seg6_require_hmac", + "net.ipv6.conf.enp1s0.suppress_frag_ndisc", + "net.ipv6.conf.enp1s0.temp_prefered_lft", //nolint:misspell + "net.ipv6.conf.enp1s0.temp_valid_lft", + "net.ipv6.conf.enp1s0.use_oif_addrs_only", + "net.ipv6.conf.enp1s0.use_tempaddr", + "net.ipv6.conf.lo.accept_dad", + "net.ipv6.conf.lo.accept_ra", + "net.ipv6.conf.lo.accept_ra_defrtr", + "net.ipv6.conf.lo.accept_ra_from_local", + "net.ipv6.conf.lo.accept_ra_min_hop_limit", + "net.ipv6.conf.lo.accept_ra_mtu", + "net.ipv6.conf.lo.accept_ra_pinfo", + "net.ipv6.conf.lo.accept_ra_rt_info_max_plen", + "net.ipv6.conf.lo.accept_ra_rt_info_min_plen", + "net.ipv6.conf.lo.accept_ra_rtr_pref", + "net.ipv6.conf.lo.accept_redirects", + "net.ipv6.conf.lo.accept_source_route", + "net.ipv6.conf.lo.addr_gen_mode", + "net.ipv6.conf.lo.autoconf", + "net.ipv6.conf.lo.dad_transmits", + "net.ipv6.conf.lo.disable_ipv6", + "net.ipv6.conf.lo.disable_policy", + "net.ipv6.conf.lo.drop_unicast_in_l2_multicast", + "net.ipv6.conf.lo.drop_unsolicited_na", + "net.ipv6.conf.lo.enhanced_dad", + "net.ipv6.conf.lo.force_mld_version", + "net.ipv6.conf.lo.force_tllao", + "net.ipv6.conf.lo.forwarding", + "net.ipv6.conf.lo.hop_limit", + "net.ipv6.conf.lo.ignore_routes_with_linkdown", + "net.ipv6.conf.lo.keep_addr_on_down", + "net.ipv6.conf.lo.max_addresses", + "net.ipv6.conf.lo.max_desync_factor", + "net.ipv6.conf.lo.mc_forwarding", + "net.ipv6.conf.lo.mldv1_unsolicited_report_interval", + "net.ipv6.conf.lo.mldv2_unsolicited_report_interval", + "net.ipv6.conf.lo.mtu", + "net.ipv6.conf.lo.ndisc_notify", + "net.ipv6.conf.lo.ndisc_tclass", + "net.ipv6.conf.lo.proxy_ndp", + "net.ipv6.conf.lo.regen_max_retry", + "net.ipv6.conf.lo.router_probe_interval", + "net.ipv6.conf.lo.router_solicitation_delay", + "net.ipv6.conf.lo.router_solicitation_interval", + "net.ipv6.conf.lo.router_solicitation_max_interval", + "net.ipv6.conf.lo.router_solicitations", + "net.ipv6.conf.lo.seg6_enabled", + "net.ipv6.conf.lo.seg6_require_hmac", + "net.ipv6.conf.lo.suppress_frag_ndisc", + "net.ipv6.conf.lo.temp_prefered_lft", //nolint:misspell + "net.ipv6.conf.lo.temp_valid_lft", + "net.ipv6.conf.lo.use_oif_addrs_only", + "net.ipv6.conf.lo.use_tempaddr", + "net.ipv6.fib_multipath_hash_policy", + "net.ipv6.flowlabel_consistency", + "net.ipv6.flowlabel_reflect", + "net.ipv6.flowlabel_state_ranges", + "net.ipv6.fwmark_reflect", + "net.ipv6.icmp.echo_ignore_all", + "net.ipv6.icmp.echo_ignore_anycast", + "net.ipv6.icmp.echo_ignore_multicast", + "net.ipv6.icmp.ratelimit", + "net.ipv6.icmp.ratemask", + "net.ipv6.idgen_delay", + "net.ipv6.idgen_retries", + "net.ipv6.ip6frag_high_thresh", + "net.ipv6.ip6frag_low_thresh", + "net.ipv6.ip6frag_secret_interval", + "net.ipv6.ip6frag_time", + "net.ipv6.ip_nonlocal_bind", + "net.ipv6.max_dst_opts_length", + "net.ipv6.max_dst_opts_number", + "net.ipv6.max_hbh_length", + "net.ipv6.max_hbh_opts_number", + "net.ipv6.mld_max_msf", + "net.ipv6.mld_qrv", + "net.ipv6.neigh.default.anycast_delay", + "net.ipv6.neigh.default.app_solicit", + "net.ipv6.neigh.default.base_reachable_time_ms", + "net.ipv6.neigh.default.delay_first_probe_time", + "net.ipv6.neigh.default.gc_interval", + "net.ipv6.neigh.default.gc_stale_time", + "net.ipv6.neigh.default.gc_thresh1", + "net.ipv6.neigh.default.gc_thresh2", + "net.ipv6.neigh.default.gc_thresh3", + "net.ipv6.neigh.default.locktime", + "net.ipv6.neigh.default.mcast_resolicit", + "net.ipv6.neigh.default.mcast_solicit", + "net.ipv6.neigh.default.proxy_delay", + "net.ipv6.neigh.default.proxy_qlen", + "net.ipv6.neigh.default.retrans_time_ms", + "net.ipv6.neigh.default.ucast_solicit", + "net.ipv6.neigh.default.unres_qlen", + "net.ipv6.neigh.default.unres_qlen_bytes", + "net.ipv6.neigh.enp1s0.anycast_delay", + "net.ipv6.neigh.enp1s0.app_solicit", + "net.ipv6.neigh.enp1s0.base_reachable_time_ms", + "net.ipv6.neigh.enp1s0.delay_first_probe_time", + "net.ipv6.neigh.enp1s0.gc_stale_time", + "net.ipv6.neigh.enp1s0.locktime", + "net.ipv6.neigh.enp1s0.mcast_resolicit", + "net.ipv6.neigh.enp1s0.mcast_solicit", + "net.ipv6.neigh.enp1s0.proxy_delay", + "net.ipv6.neigh.enp1s0.proxy_qlen", + "net.ipv6.neigh.enp1s0.retrans_time_ms", + "net.ipv6.neigh.enp1s0.ucast_solicit", + "net.ipv6.neigh.enp1s0.unres_qlen", + "net.ipv6.neigh.enp1s0.unres_qlen_bytes", + "net.ipv6.neigh.lo.anycast_delay", + "net.ipv6.neigh.lo.app_solicit", + "net.ipv6.neigh.lo.base_reachable_time_ms", + "net.ipv6.neigh.lo.delay_first_probe_time", + "net.ipv6.neigh.lo.gc_stale_time", + "net.ipv6.neigh.lo.locktime", + "net.ipv6.neigh.lo.mcast_resolicit", + "net.ipv6.neigh.lo.mcast_solicit", + "net.ipv6.neigh.lo.proxy_delay", + "net.ipv6.neigh.lo.proxy_qlen", + "net.ipv6.neigh.lo.retrans_time_ms", + "net.ipv6.neigh.lo.ucast_solicit", + "net.ipv6.neigh.lo.unres_qlen", + "net.ipv6.neigh.lo.unres_qlen_bytes", + "net.ipv6.route.gc_elasticity", + "net.ipv6.route.gc_interval", + "net.ipv6.route.gc_min_interval", + "net.ipv6.route.gc_min_interval_ms", + "net.ipv6.route.gc_thresh", + "net.ipv6.route.gc_timeout", + "net.ipv6.route.max_size", + "net.ipv6.route.min_adv_mss", + "net.ipv6.route.mtu_expires", + "net.ipv6.route.skip_notify_on_dev_down", + "net.ipv6.seg6_flowlabel", + "net.ipv6.xfrm6_gc_thresh", + "net.netfilter.nf_log.0", + "net.netfilter.nf_log.1", + "net.netfilter.nf_log.10", + "net.netfilter.nf_log.11", + "net.netfilter.nf_log.12", + "net.netfilter.nf_log.2", + "net.netfilter.nf_log.3", + "net.netfilter.nf_log.4", + "net.netfilter.nf_log.5", + "net.netfilter.nf_log.6", + "net.netfilter.nf_log.7", + "net.netfilter.nf_log.8", + "net.netfilter.nf_log.9", + "net.netfilter.nf_log_all_netns", + "net.unix.max_dgram_qlen", + "user.max_cgroup_namespaces", + "user.max_inotify_instances", + "user.max_inotify_watches", + "user.max_ipc_namespaces", + "user.max_mnt_namespaces", + "user.max_net_namespaces", + "user.max_pid_namespaces", + "user.max_user_namespaces", + "user.max_uts_namespaces", + "vm.admin_reserve_kbytes", + "vm.block_dump", + "vm.compact_unevictable_allowed", + "vm.dirty_background_bytes", + "vm.dirty_background_ratio", + "vm.dirty_bytes", + "vm.dirty_expire_centisecs", + "vm.dirty_ratio", + "vm.dirty_writeback_centisecs", + "vm.dirtytime_expire_seconds", + "vm.extfrag_threshold", + "vm.hugetlb_shm_group", + "vm.laptop_mode", + "vm.legacy_va_layout", + "vm.lowmem_reserve_ratio", + "vm.max_map_count", + "vm.memory_failure_early_kill", + "vm.memory_failure_recovery", + "vm.min_free_kbytes", + "vm.min_slab_ratio", + "vm.min_unmapped_ratio", + "vm.mmap_min_addr", + "vm.mmap_rnd_bits", + "vm.mmap_rnd_compat_bits", + "vm.nr_hugepages", + "vm.nr_hugepages_mempolicy", + "vm.nr_overcommit_hugepages", + "vm.numa_stat", + "vm.numa_zonelist_order", + "vm.oom_dump_tasks", + "vm.oom_kill_allocating_task", + "vm.overcommit_kbytes", + "vm.overcommit_memory", + "vm.overcommit_ratio", + "vm.page-cluster", + "vm.panic_on_oom", + "vm.percpu_pagelist_fraction", + "vm.stat_interval", + "vm.swappiness", + "vm.unprivileged_userfaultfd", + "vm.user_reserve_kbytes", + "vm.vfs_cache_pressure", + "vm.watermark_boost_factor", + "vm.watermark_scale_factor", + "vm.zone_reclaim_mode", +}