[lxc-users] Setting kernel.shmmax in unprivileged containers.

Tiit Kaeeli kaeeli at quretec.com
Fri Aug 1 10:53:38 UTC 2014


On Thu, 31 Jul 2014, Serge Hallyn wrote:

> Quoting Tiit Kaeeli (kaeeli at quretec.com):
>> On Mon, 28 Jul 2014, Tiit Kaeeli wrote:
>> 
>> >Hi,
>> >
>> >I am having a little issue setting kernel.shmmax in LXC
>> >unprivileged container (lxc=1.0.4-0ubuntu0.1)
>> >
>> >In https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1021411
>> >it is stated, that it should be possible since lxc 0.7.5-3ubuntu60
>> >At least there is no information, that it will only apply to
>> >privileged containers.
>> >
>> >I have also tried disabling apparmor and adding
>> >lxc.mount.auto = proc:rw sys:rw
>> >to container conf.
>> >
>> >But still
>> >sysctl: permission denied on key 'kernel.shmmax'
>> >At the same time setting for example
>> >net.ipv6.conf.all.disable_ipv6 succeeds!
>> >
>> >mount -o remount,rw -t proc /proc /proc
>> >mount: permission denied
>> >
>> >/proc/ is owned by nobody.nogroup
>> >
>> >What am I missing?
>> 
>> 
>> Any ideas? Can this be done at all on unprivileged containers?
>
> Hi,
>
> which kernel are you on?
>
> I've just noticed that on my utopic (3.16 kernel) laptop I have the
> same problem.  All of /proc is owned by nobody:nogroup.  On my 3.13
> kernel /proc is owned by root, including /proc/sys/kernel/shmmax.
>
> So this looks like a new kernel bug.
>
> -serge

I have the 3.13.0-32-generic kernel and have not tested others (yet), but 
will do so.


