- /* If the sysctl is not available in the kernel or we are running with reduced privileges and
- * cannot write it, then log about the issue, and proceed without failing. (EROFS is treated
- * as a permission problem here, since that's how container managers usually protected their
- * sysctls.) In all other cases log an error and make the tool fail. */
- if (ignore_failure || r == -EROFS || ERRNO_IS_PRIVILEGE(r))
+ /* Proceed without failing if ignore_failure is true.
+ * If the sysctl is not available in the kernel or we are running with reduced privileges and
+ * cannot write it, then log about the issue, and proceed without failing. Unless strict mode
+ * (arg_strict = true) is enabled, in which case we should fail. (EROFS is treated as a
+ * permission problem here, since that's how container managers usually protected their
+ * sysctls.)
+ * In all other cases log an error and make the tool fail. */
+ if (ignore_failure || (!arg_strict && (r == -EROFS || ERRNO_IS_PRIVILEGE(r))))
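Review bot: The rewritten comment implies strict mode also changes the "sysctl is not available in the kernel" case, but the condition on the last added line only gates `r == -EROFS` and `ERRNO_IS_PRIVILEGE(r)` on `!arg_strict`. No missing-sysctl check is visible in this hunk. Either narrow the sentence to the permission errors or state which branch handles the missing-sysctl case and whether `arg_strict` applies there. The comment would also read more clearly if the fragment "Unless strict mode (arg_strict = true) is enabled, in which case we should fail." were folded into the preceding sentence. Since `ignore_failure` is tested first and still wins over `arg_strict`, that precedence should be stated in the user-facing documentation for the strict option, so that nobody expects strict mode to turn ignored failures into hard errors.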