OpenShift Bugs / OCPBUGS-42056

Creating pod with the safe sysctls configuration failed for non-privileged users


    • Bug
    • Resolution: Unresolved
    • Normal
    • 4.18
    • 4.18
    • apiserver-auth
    • Important
    • OCP Node Sprint 259 (Green)
    • In Progress

      Description of problem:
      The following parameters have been added to the safe sysctls list since Kubernetes v1.29 [1]:

      net.ipv4.tcp_keepalive_time
      net.ipv4.tcp_fin_timeout
      net.ipv4.tcp_keepalive_intvl
      net.ipv4.tcp_keepalive_probes

      However, the list of safe sysctls returned by SafeSysctlAllowlist() in OpenShift has not been updated accordingly [2].

      [1] https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#safe-and-unsafe-sysctls
      [2] https://github.com/openshift/apiserver-library-go/blob/e88385a79b1724850143487d507f606f8540f437/pkg/securitycontextconstraints/sysctl/mustmatchpatterns.go#L32

      As a result, a pod that sets these safe sysctls is blocked by SCC admission for non-privileged users.
      (See "Steps to Reproduce" for details.)

      $ oc apply -f pod-sysctl.yaml
      Error from server (Forbidden): error when creating "pod-sysctl.yaml": pods "pod-sysctl" is forbidden: unable to validate against any security context constraint: [provider "trident-controller": Forbidden: not usable by user or serviceaccount, provider "anyuid": Forbidden: not usable by user or serviceaccount, pod.spec.securityContext.sysctls[0]: Forbidden: unsafe sysctl "net.ipv4.tcp_fin_timeout" is not allowed, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "trident-node-linux": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
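To show how an allowlist check of the kind the report describes produces the error above, here is an added Go example (not code from apiserver-library-go or Kubernetes): a minimal must-match-patterns validation run against a stale allowlist and against the same list extended with the four v1.29 entries. The contents of the stale list and the trailing-`*` prefix rule are assumptions for the example; only the four added entries and the error wording come from the report.

```go
package main

import (
	"fmt"
	"strings"
)

// Stand-in for the allowlist the report says SafeSysctlAllowlist() still returns
// (pre-1.29 entries only); the entries are assumed from upstream docs, not this page.
var staleSafeSysctls = []string{
	"kernel.shm_rmid_forced",
	"net.ipv4.ip_local_port_range",
	"net.ipv4.tcp_syncookies",
	"net.ipv4.ping_group_range",
}

// The four entries the report says were added to the safe list in k8s v1.29.
var k8s129Additions = []string{
	"net.ipv4.tcp_keepalive_time",
	"net.ipv4.tcp_fin_timeout",
	"net.ipv4.tcp_keepalive_intvl",
	"net.ipv4.tcp_keepalive_probes",
}

func updatedSafeSysctls() []string {
	return append(append([]string{}, staleSafeSysctls...), k8s129Additions...)
}

// isAllowed: a pattern ending in "*" matches by prefix, any other pattern exactly (assumed rule).
func isAllowed(name string, allowlist []string) bool {
	for _, p := range allowlist {
		if name == p || (strings.HasSuffix(p, "*") && strings.HasPrefix(name, strings.TrimSuffix(p, "*"))) {
			return true
		}
	}
	return false
}

// validateSysctls reports every sysctl the allowlist does not cover, worded like the SCC error above.
func validateSysctls(names, allowlist []string) []error {
	var errs []error
	for i, n := range names {
		if !isAllowed(n, allowlist) {
			errs = append(errs, fmt.Errorf("pod.spec.securityContext.sysctls[%d]: Forbidden: unsafe sysctl %q is not allowed", i, n))
		}
	}
	return errs
}

func main() {
	fmt.Println(validateSysctls([]string{"net.ipv4.tcp_fin_timeout"}, staleSafeSysctls))
}
```

Run as written it reproduces the rejection; swap in updatedSafeSysctls() and the same pod spec passes, while a genuinely unsafe sysctl is still refused.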
      Version-Release number of selected component (if applicable):
      OpenShift v4.16.4
      How reproducible:
      Always

      Steps to Reproduce:
      Step 1. Log in as a non-privileged user.

      $ oc login -u user

      Step 2. Create the following YAML file and apply it.

      $ cat pod-sysctl.yaml
      apiVersion: v1
      kind: Pod
      metadata:
        name: pod-sysctl
      spec:
        containers:
        - name: con-sysctl
          image: registry.nec.test:5000/ubi8/ubi
          command: ["/bin/bash", "-c", "tail -f /dev/null & wait"]
        securityContext:
          sysctls:
          - name: net.ipv4.tcp_fin_timeout
            value: "30"

      $ oc apply -f pod-sysctl.yaml

      Actual results:
      Applying the pod was blocked by SCC.

      $ oc apply -f pod-sysctl.yaml
      Error from server (Forbidden): error when creating "pod-sysctl.yaml": pods "pod-sysctl" is forbidden: unable to validate against any security context constraint: [provider "trident-controller": Forbidden: not usable by user or serviceaccount, provider "anyuid": Forbidden: not usable by user or serviceaccount, pod.spec.securityContext.sysctls[0]: Forbidden: unsafe sysctl "net.ipv4.tcp_fin_timeout" is not allowed, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "trident-node-linux": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]

      Expected results:
      The YAML with safe sysctls can be applied by a non-privileged user.
      The specified sysctls are enabled in the pod.

            skunkerk Sohan Kunkerkar
            Xingxing Xia Xingxing Xia