[lxc-devel] [lxd-pkg-snap/latest-edge] Bump /proc/sys/kernel/keys/maxkeys out of the box

nobuto-m on Github lxc-bot at linuxcontainers.org
Fri Sep 11 06:01:01 UTC 2020


From 3a3f4d3b7d33ff87847d020d9283b8c79faed26c Mon Sep 17 00:00:00 2001
From: Nobuto Murata <nobuto.murata at canonical.com>
Date: Fri, 11 Sep 2020 14:55:03 +0900
Subject: [PATCH] Bump /proc/sys/kernel/keys/maxkeys out of the box

The default limit of 200 will be obvious when provisioning multiple LXD
containers and installing snap packages into those at the same time.
Let's bump it as well as /proc/sys/fs/inotify/max_user_instances out of
the box. See more details in https://launchpad.net/bugs/1891223

Closes: #65
---
 snapcraft/commands/daemon.start | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/snapcraft/commands/daemon.start b/snapcraft/commands/daemon.start
index d3f75ba..9a6ac64 100755
--- a/snapcraft/commands/daemon.start
+++ b/snapcraft/commands/daemon.start
@@ -348,6 +348,13 @@ if [ "$(stat -c '%u' /proc)" = 0 ]; then
         fi
     fi
 
+    if [ -e /proc/sys/kernel/keys/maxkeys ]; then
+        if [ "$(cat /proc/sys/kernel/keys/maxkeys)" -lt "2000" ]; then
+            echo "==> Increasing the number of keys for a nonroot user"
+            echo 2000 > /proc/sys/kernel/keys/maxkeys || true
+        fi
+    fi
+
     if [ -e /proc/sys/kernel/unprivileged_userns_clone ]; then
         if [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" = "0" ]; then
             echo "==> Enabling unprivileged containers kernel support"
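Review bot: the new block's `echo 2000 > /proc/sys/kernel/keys/maxkeys || true` raises only the per-user key count and leaves the sibling byte quota /proc/sys/kernel/keys/maxbytes untouched, so a non-root user holding many keys may run into the byte quota before reaching 2000 keys; consider raising maxbytes in the same block, or say in the commit message why it is not needed. The "==> Increasing the number of keys for a nonroot user" line is printed before the write and `|| true` hides a failed write, so the log can report an increase that never took effect; print it only after a successful write, or log the failure. The setting is also host-wide: it applies to every non-root user on the machine, not only to LXD's containers, and nothing in this hunk restores the previous value. A short comment next to the block stating that, and why 2000 was chosen, would help whoever later audits how much kernel memory unprivileged users can hold in keyrings.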

