[lxc-users] Setting kernel.shmmax in unprivileged containers.

Tiit Kaeeli kaeeli at quretec.com
Mon Aug 11 14:57:49 UTC 2014


So something must be wrong in my configuration.

I have changed /usr/share/lxc/config/ubuntu.common.conf:

# lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.auto = proc:rw

And have not found anything else regarding mounting of /proc
But this does not help.

(server is running Ubuntu Trusty)



On Thu, 31 Jul 2014, Robert Pendell wrote:

> I just tested on my vps with Linode and I was still running on 3.14
> (they have 3.15 now) so I checked then rebooted and checked again.
> After reboot I was up to 3.15 as provided by the host.  In both cases
> /proc as well as all of the contents was owned by root.
>
> shinji@icarus:~$ uname -a
> Linux icarus.robertpendell.com 3.14.4-x86_64-linode40 #1 SMP Tue May
> 13 12:25:05 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
> shinji@icarus:~$ ls -ld /proc
> dr-xr-xr-x 124 root root 0 May 23 19:26 /proc
>
> shinji@icarus:~$ uname -a
> Linux icarus.robertpendell.com 3.15.4-x86_64-linode45 #1 SMP Mon Jul 7
> 08:42:36 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
> shinji@icarus:~$ ls -ld /proc
> dr-xr-xr-x 98 root root 0 Jul 31 18:09 /proc
>
> Robert Pendell
> shinji at elite-systems.org
> A perfect world is one of chaos.
>
>
> On Thu, Jul 31, 2014 at 10:59 AM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>> Quoting Tiit Kaeeli (kaeeli at quretec.com):
>>> On Mon, 28 Jul 2014, Tiit Kaeeli wrote:
>>>
>>> >Hi,
>>> >
>>> >I am having a little issue setting kernel.shmmax in LXC
>>> >unprivileged container (lxc=1.0.4-0ubuntu0.1)
>>> >
>>> >In https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1021411
>>> >it is stated, that it should be possible since lxc 0.7.5-3ubuntu60
>>> >At least there is no information, that it will only apply to
>>> >privileged containers.
>>> >
>>> >I have also tried disabling apparmor and adding
>>> >lxc.mount.auto = proc:rw sys:rw
>>> >to container conf.
>>> >
>>> >But still
>>> >sysctl: permission denied on key 'kernel.shmmax'
>>> >At the same time setting for example
>>> >net.ipv6.conf.all.disable_ipv6 succeeds!
>>> >
>>> >mount -o remount,rw -t proc /proc /proc
>>> >mount: permission denied
>>> >
>>> >/proc/ is owned by nobody.nogroup
>>> >
>>> >What am I missing?
>>>
>>>
>>> Any ideas? can this be done at all on unprivileged containers?
>>
>> Hi,
>>
>> which kernel are you on?
>>
>> I've just noticed that on my utopic (3.16 kernel) laptop I have the
>> same problem.  All of /proc is owned by nobody:nogroup.  On my 3.13
>> kernel /proc is owned by root, including /proc/sys/kernel/shmmax.
>>
>> So this looks like a new kernel bug.
>>
>> -serge
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users

-- 

Tiit Kaeeli
OU Quretec
tiit.kaeeli at quretec.com
Tel:+372 5 070 359
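
Added example, not part of the original thread: a shell diagnostic for the symptom discussed above, where /proc entries show up as nobody:nogroup inside an unprivileged container and a write to kernel.shmmax is refused. It relies on the fact that a file owner with no entry in the caller's user-namespace uid_map is displayed as the overflow uid; the function names and the sample map "0 100000 65536" are assumptions made for illustration, and the script reports the ownership state without saying why the kernel assigned it.

```shell
#!/bin/sh
# Added example: why does a sysctl file look like it belongs to "nobody"?
# Paths are parameters so the logic can be exercised on constructed files.

# Uid the kernel displays for owners that have no mapping in this namespace.
overflow_uid() {
    f=${1:-/proc/sys/kernel/overflowuid}
    if [ -r "$f" ]; then cat "$f"; else echo 65534; fi
}

# Translate host uid $1 through uid_map file $2; print the in-namespace uid,
# or the overflow uid $3 when no line covers it.
# uid_map line format: <first uid inside ns> <first uid outside ns> <count>
ns_uid_for_host_uid() {
    awk -v u="$1" -v ovf="$3" '
        $2 <= u && u < $2 + $3 { print $1 + (u - $2); hit = 1; exit }
        END { if (!hit) print ovf }' "$2"
}

# Classify a displayed owner uid $1 for a caller with uid $2, overflow uid $3.
classify_owner() {
    if [ "$1" -eq "$3" ]; then echo owner-unmapped
    elif [ "$1" -eq "$2" ]; then echo owner-self
    else echo owner-other
    fi
}

# Report on a real sysctl file from inside the container.
check_sysctl() {
    path=${1:-/proc/sys/kernel/shmmax}
    owner=$(stat -c %u "$path") || return 1
    ovf=$(overflow_uid)
    echo "$path owner=$owner verdict=$(classify_owner "$owner" "$(id -u)" "$ovf")"
    echo "host uid 0 appears here as uid $(ns_uid_for_host_uid 0 /proc/self/uid_map "$ovf")"
    if [ -w "$path" ]; then echo "writable by this process"
    else echo "not writable by this process"
    fi
}
```

Source the file in the container and run `check_sysctl`; a verdict of owner-unmapped matches the nobody:nogroup listing reported in the thread, while owner-self matches the 3.13 behaviour where root in the container owns the file.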

