[lxc-users] sysctl -p no longer allowed in container

Dan Kegel dank at kegel.com
Tue Apr 29 19:17:14 UTC 2014


Think I should file a bug?  (And against what?)
- Dan

On Tue, Apr 29, 2014 at 12:15 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Dan Kegel (dank at kegel.com):
>> My scripts were (unwisely) expecting to be able to do things like
>>         echo "kernel.sem = 250 65536 32 32768" | sudo tee -a /etc/sysctl.conf
>>         sudo /sbin/sysctl -p
>> inside the container.  Tsk.  I seem to have gotten away with it in
>> Ubuntu 12.04, but Ubuntu 14.04 complains
>>    + sudo /sbin/sysctl -p
>>    sysctl: permission denied on key 'kernel.sem'
>>
>> That makes sense -- containers shouldn't be able to tweak kernel parameters.
>> So now I'm rejiggering my scripts to do that outside the container.
>>
>> Onwards!
>
> Hm, actually I think that one should be fine.  The apparmor profile
> exempts /proc/sys/kernel/shm*, and it looks like /proc/sys/kernel/sem
> should also be allowed as it looks to be correctly namespaced - i.e.
> the container won't affect the host's settings.
>
> -serge
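As an added example (not code from the thread), the helper below sorts sysctl.conf entries like the kernel.sem line above into those an IPC-namespaced container can set for itself and those that must be applied on the host; the key set is taken from ipc_namespaces(7) and does not model the AppArmor profile, so a key marked "container" may still be denied by the profile or by a read-only /proc/sys mount.

```shell
#!/bin/sh
# Added example, not from the lxc-users thread. Classifies sysctl keys by
# whether they live in the IPC namespace (per ipc_namespaces(7)): kernel.sem,
# kernel.shm*, kernel.msg* and fs.mqueue.* are per-namespace, so a container
# changing them cannot alter the host's values. Everything else is treated as
# host-global and should be applied outside the container.

# Print "container" if KEY is IPC-namespaced, "host" otherwise.
sysctl_scope() {
    case "$1" in
        kernel.sem|kernel.shmmax|kernel.shmall|kernel.shmmni|kernel.shm_rmid_forced)
            echo container ;;
        kernel.msgmax|kernel.msgmnb|kernel.msgmni) echo container ;;
        fs.mqueue.*) echo container ;;
        *) echo host ;;
    esac
}

# Read sysctl.conf lines on stdin and emit "<scope> <key> = <value>" for each
# setting. Comments and blank lines are skipped; "k = v" and "k=v" both parse.
split_sysctl_conf() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}          # strip leading blanks
        case "$line" in ''|'#'*|';'*) continue ;; esac
        key=$(printf '%s' "$line" | sed 's/[[:space:]]*=.*//')
        val=$(printf '%s' "$line" | sed 's/^[^=]*=[[:space:]]*//')
        printf '%s %s = %s\n' "$(sysctl_scope "$key")" "$key" "$val"
    done
}

# Number of settings on stdin that fall into scope $1 ("container" or "host").
count_scope() {
    split_sysctl_conf | grep -c "^$1 " || true
}

# Constructed sample config, modelled on the kernel.sem line from the thread.
sample_conf() {
    cat <<'EOF'
# constructed sample for the example
kernel.sem = 250 65536 32 32768
kernel.shmmax=68719476736
net.ipv4.ip_forward = 1
vm.swappiness = 10
EOF
}

# Usage: sample_conf | split_sysctl_conf
```

Feed the real /etc/sysctl.conf to split_sysctl_conf to see which lines your container setup script can keep and which belong in the host-side script.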

