my_workstation/cookbooks/podman/recipes/_sysctl.rb

#
# Cookbook:: podman
# Recipe:: default
#
# Copyright:: 2022, The Authors, All Rights Reserved.

sysctl 'kernel.unprivileged_userns_clone' do
  value 1
  comment 'Allow ns creation'
  only_if { ::File.exists?('/proc/sys/kernel/unprivileged_userns_clone') }
end

sysctl 'net.ipv4.ping_group_range' do
  value '0 2000000'
  comment 'Enable unprivileged ping'
  not_if { node['virtualization']['system'] }
end