[lxc-devel] [lxd-pkg-snap/latest-edge] Bump /proc/sys/kernel/keys/maxkeys out of the box
nobuto-m on Github
lxc-bot at linuxcontainers.org
Fri Sep 11 06:01:01 UTC 2020
From 3a3f4d3b7d33ff87847d020d9283b8c79faed26c Mon Sep 17 00:00:00 2001
From: Nobuto Murata <nobuto.murata at canonical.com>
Date: Fri, 11 Sep 2020 14:55:03 +0900
Subject: [PATCH] Bump /proc/sys/kernel/keys/maxkeys out of the box
The default limit of 200 will be obvious when provisioning multiple LXD
containers and installing snap packages into those at the same time.
Let's bump it as well as /proc/sys/fs/inotify/max_user_instances out of
the box. See more details in https://launchpad.net/bugs/1891223
Closes: #65
---
snapcraft/commands/daemon.start | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/snapcraft/commands/daemon.start b/snapcraft/commands/daemon.start
index d3f75ba..9a6ac64 100755
--- a/snapcraft/commands/daemon.start
+++ b/snapcraft/commands/daemon.start
@@ -348,6 +348,13 @@ if [ "$(stat -c '%u' /proc)" = 0 ]; then
fi
fi
+ if [ -e /proc/sys/kernel/keys/maxkeys ]; then
+ if [ "$(cat /proc/sys/kernel/keys/maxkeys)" -lt "2000" ]; then
+ echo "==> Increasing the number of keys for a nonroot user"
+ echo 2000 > /proc/sys/kernel/keys/maxkeys || true
+ fi
+ fi
+
if [ -e /proc/sys/kernel/unprivileged_userns_clone ]; then
if [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" = "0" ]; then
echo "==> Enabling unprivileged containers kernel support"
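Review bot: In the added maxkeys block, `echo 2000 > /proc/sys/kernel/keys/maxkeys || true` discards a failed write after "==> Increasing the number of keys for a nonroot user" has already been printed, so the daemon output will say the limit was raised even when the write did not succeed. Consider emitting a warning in the failure branch instead of a bare `|| true`. The value 2000 also appears twice, once in the `-lt` test and once in the write; a single variable would keep the two in sync. Because this changes a host-wide kernel setting from daemon.start, a short comment above the block that points to https://launchpad.net/bugs/1891223 and says why 2000 was chosen would help later readers, since the hunk itself carries no explanation.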