Currently, if you try to set a sysctl kernel parameter on a container and the value contains a space, e.g. net.ipv4.ping_group_range="0 2147483647", the commit fails with an error because the value is not quoted within the systemd unit file:
PermissionError: [Errno 1] failed to run command: systemctl restart vyos-container-anycast-dns-dn42.service
returned:
exit code: 1
noteworthy:
cmd 'systemctl restart vyos-container-anycast-dns-dn42.service'
returned (out):
returned (err):
Job for vyos-container-anycast-dns-dn42.service failed because the control process exited with error code.
See "systemctl status vyos-container-anycast-dns-dn42.service" and "journalctl -xeu vyos-container-anycast-dns-dn42.service" for details.
[[container]] failed
Commit failed
Looking at the systemd unit file, we see that the sysctl value is not quoted, which causes the ExecStart command to fail:
ExecStart=/usr/bin/podman run \
  --conmon-pidfile %t/%n.pid --cidfile %t/%n.cid --cgroups=no-conmon \
  --detach --interactive --tty --replace --cap-add=NET_ADMIN --cpus 0 --sysctl net.ipv4.ping_group_range=0 2147483647
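
The following is an added example, not code from VyOS or from this report: it shows how the unquoted value is split into an extra argument and one way to quote it for an ExecStart= line. The names systemd_quote, sysctl_args and split_words are hypothetical, and shlex is used only as an approximation of systemd's word splitting for whitespace and double quotes.

```python
import shlex


def systemd_quote(value: str) -> str:
    """Quote one argument for an ExecStart= line (hypothetical helper).

    Inside double quotes systemd still processes backslash escapes,
    %-specifiers and $-variables, so those characters are escaped too.
    """
    escaped = (
        value.replace("\\", "\\\\")   # literal backslash
        .replace('"', '\\"')          # literal double quote
        .replace("%", "%%")           # literal percent (no specifier expansion)
        .replace("$", "$$")           # literal dollar (no variable expansion)
    )
    return f'"{escaped}"'


def sysctl_args(params: dict[str, str], quote: bool) -> str:
    """Render --sysctl options the way a unit-file template would."""
    parts = []
    for name, value in params.items():
        pair = f"{name}={value}"
        # Quoting the whole name=value pair keeps it a single argument.
        parts.append("--sysctl " + (systemd_quote(pair) if quote else pair))
    return " ".join(parts)


def split_words(fragment: str) -> list[str]:
    """Approximate how the command line is split into arguments."""
    return shlex.split(fragment)


# Constructed sample input matching the parameter from the report.
SAMPLE = {"net.ipv4.ping_group_range": "0 2147483647"}

if __name__ == "__main__":
    for quote in (False, True):
        rendered = sysctl_args(SAMPLE, quote)
        print(f"quote={quote}: {rendered}")
        print("  argv:", split_words(rendered))
```

Without quoting, "2147483647" reaches podman as a separate positional argument instead of being part of the sysctl value.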