I am trying to change net.core.somaxconn for a Docker container to be able to have a larger queue of requests for my web application.
On OS, outside docker,
Update: This answer is obsolete as Docker now supports the docker run --sysctl option!
The solution I use for my OpenVPN container is to enter the container namespace with full capabilities using nsenter, remounting /proc/sys read-write temporarily, setting stuff up and remounting it read-only again.
Here is an example, enabling IPv6 forwarding in the container:
CONTAINER_NAME=openvpn
# enable ipv6 forwarding via nsenter
# look up the PID of the container's init process on the host
container_pid=$(docker inspect -f '{{.State.Pid}}' "$CONTAINER_NAME")
nsenter --target "$container_pid" --mount --uts --ipc --net --pid \
    /bin/sh -c '/usr/bin/mount /proc/sys -o remount,rw;
                /usr/sbin/sysctl -q net.ipv6.conf.all.forwarding=1;
                /usr/bin/mount /proc/sys -o remount,ro;
                /usr/bin/mount /proc -o remount,rw # restore rw on /proc'
This way the container does not need to run privileged.
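The docker run --sysctl route mentioned in the update, as an added example that is not part of the original answer: it builds the flags for both settings discussed on this page and refuses keys that Docker does not treat as namespaced, which are the ones that tempt people into --privileged. The value 1024 and the image name example/openvpn are constructed placeholders.

```shell
#!/bin/sh
# Added example: build `docker run --sysctl` flags instead of remounting /proc/sys.
# Docker accepts only namespaced sysctls here: net.* (not with --network=host),
# fs.mqueue.* and the IPC keys listed below.

# Return 0 if the key is one Docker documents as namespaced.
is_namespaced_sysctl() {
    case "$1" in
        net.*|fs.mqueue.*) return 0 ;;
        kernel.msgmax|kernel.msgmnb|kernel.msgmni|kernel.sem) return 0 ;;
        kernel.shmall|kernel.shmmax|kernel.shmmni|kernel.shm_rmid_forced) return 0 ;;
        *) return 1 ;;
    esac
}

# Turn key=value arguments into "--sysctl key=value ..." on stdout.
# Fails with status 1 on a malformed pair or a key that is not namespaced.
# Values containing whitespace (e.g. kernel.sem) are rejected to keep the
# output safe for unquoted expansion on a command line.
sysctl_flags() {
    flags=""
    for pair in "$@"; do
        key=${pair%%=*}
        value=${pair#*=}
        case "$pair" in
            *[[:space:]]*) echo "whitespace not supported: $pair" >&2; return 1 ;;
        esac
        if [ "$key" = "$pair" ] || [ -z "$key" ] || [ -z "$value" ]; then
            echo "malformed setting: $pair" >&2
            return 1
        fi
        if ! is_namespaced_sysctl "$key"; then
            echo "not a namespaced sysctl: $key" >&2
            return 1
        fi
        flags="$flags --sysctl $pair"
    done
    printf '%s\n' "${flags# }"
}

# Print (do not run) the resulting command; 1024 and the image are placeholders.
CONTAINER_NAME=openvpn
echo "docker run -d --name $CONTAINER_NAME" \
     "$(sysctl_flags net.core.somaxconn=1024 net.ipv6.conf.all.forwarding=1)" \
     "example/openvpn"
# Afterwards, confirm from the host:
#   docker exec openvpn cat /proc/sys/net/core/somaxconn
```
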