moby: [1.11-rc2] Read-only `/proc/sys` breaks compatibility

Output of docker version:

Client:
 Version:      1.11.0-rc2
 API version:  1.23
 Go version:   go1.5.3
 Git commit:   388f544
 Built:        Fri Mar 25 20:30:45 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.11.0-rc2
 API version:  1.23
 Go version:   go1.5.3
 Git commit:   388f544
 Built:        Fri Mar 25 20:30:45 2016
 OS/Arch:      linux/amd64

Output of docker info:

Containers: 19
 Running: 0
 Paused: 0
 Stopped: 19
Images: 3
Server Version: 1.11.0-rc2
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 56
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge null host
Kernel Version: 4.1.19-boot2docker
Operating System: Boot2Docker 1.11.0-rc2 (TCL 7.0); HEAD : 9afac98 - Fri Mar 25 20:42:01 UTC 2016
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 996 MiB
Name: kube-dev
ID: RRPD:TK6H:7JNN:JHTZ:IRB5:KIXL:UZ2D:YK54:IG7I:A7ZU:I23E:NVUF
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug mode (client): false
Debug mode (server): true
 File Descriptors: 12
 Goroutines: 30
 System Time: 2016-03-30T09:45:11.114379566Z
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
 provider=vmwarefusion

Steps to reproduce the issue:

  1. Run any container with --privileged and try changing settings on the eth0 interface:
$ docker run --privileged alpine sh -c 'echo 5 >/proc/sys/net/ipv4/neigh/eth0/base_reachable_time'
sh: can't create /proc/sys/net/ipv4/neigh/eth0/base_reachable_time: Read-only file system

Describe the results you received:

Not able to change network interface settings.

Describe the results you expected:

Expected to work. Used to work up to 1.10.

Additional information you deem important (e.g. issue happens only occasionally):

This breaks compatibility with all prior releases.

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 18 (15 by maintainers)

Most upvoted comments

This impacts me too, although remount rw is probably not a big deal. But in general a read-only /proc/sys/net makes me sad as I really like flipping bits in there.
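
An added example, not part of the original issue or its comments: a shell check that reports whether the mount covering a given path is read-only, by reading the per-mount options in a mountinfo listing. The function name `mount_mode` and the sample mount table are constructed for illustration and are not taken from the reporter's system.

```sh
#!/bin/sh
# Constructed sample in /proc/self/mountinfo format (not captured from the
# issue): /proc is rw, with a read-only bind mount placed over /proc/sys.
SAMPLE_MOUNTINFO='100 90 0:40 / / rw,relatime - aufs none rw
101 100 0:41 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
102 101 0:41 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw'

# mount_mode PATH [FILE]
# Prints "ro" or "rw" for the most specific mount that covers PATH.
# FILE defaults to /proc/self/mountinfo; pass "-" to read stdin.
# Simplifications (assumptions of this example): escaped characters in
# mount points are not decoded, and a parent mounted later over an
# existing child mount is not detected.
mount_mode() {
    awk -v target="$1" '
        {
            mp = $5      # field 5: mount point
            opts = $6    # field 6: per-mount options (ro/rw lives here)
            # A mount covers the target if it is "/", the target itself,
            # or a parent directory of the target.
            covers = (mp == "/" || target == mp || index(target, mp "/") == 1)
            # Longest mount point wins; on a tie the later line wins,
            # because a newer mount on the same point hides the older one.
            if (covers && length(mp) >= length(best)) {
                best = mp
                mode = (opts ~ /(^|,)ro(,|$)/) ? "ro" : "rw"
            }
        }
        END {
            if (best == "") exit 1
            print mode
        }
    ' "${2:--/proc/self/mountinfo}" 2>/dev/null ||
    awk 'BEGIN { exit 1 }'
}

# Demonstration on the constructed sample: the sysctl from the report
# resolves to the read-only /proc/sys mount, while /proc itself is rw.
for p in /proc/sys/net/ipv4/neigh/eth0/base_reachable_time /proc/cpuinfo; do
    m=$(printf '%s\n' "$SAMPLE_MOUNTINFO" | mount_mode "$p" -) || m=unknown
    printf '%s -> %s\n' "$p" "$m"
done
```

Inside a container, `mount_mode /proc/sys/net/ipv4/neigh/eth0/base_reachable_time /proc/self/mountinfo` gives the same answer for the live mount table.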