What were you trying to do that didn't work?

Trying to create pod in OCP cluster using below definition
apiVersion: v1
kind: Pod
metadata:
  name: test-sysctl
spec:
  securityContext:
    sysctls:
    - name: net.ipv4.tcp_max_orphans
      value: "10240"
  containers:
  - name: busybox
    image: busybox
    command: ['sh', '-c', 'sleep 3600']
    securityContext:
      runAsNonRoot: true
      runAsUser: 1000

This failed with below error:

 Failed to create pod sandbox due to failed to pin namespaces [0xc001e7df20 0xc001e7df50 0xc001e7df80]: [pinns:w]: failed to open /proc/sys/net/ipv4/tcp_max_orphans: No such file or directory

What is the impact of this issue to you?

Unable to use the `net.ipv4.tcp_max_orphans` parameter as it is not namespaced.

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?:

100%

Steps to reproduce

Reproducer steps given in https://issues.redhat.com/browse/OCPBUGS-45164

Expected results

Pod should come up in running with the unsafe sysctl parameter.

Actual results

Pod failed with below error:

1. oc get pods
   NAME          READY   STATUS              RESTARTS   AGE
   test-sysctl   0/1     ContainerCreating   0          43m