[lxc-users] Setting kernel.shmmax in unprivileged containers.

Robert Pendell shinji at elite-systems.org
Thu Jul 31 18:21:25 UTC 2014


I just tested on my vps with Linode and I was still running on 3.14
(they have 3.15 now) so I checked then rebooted and checked again.
After reboot I was up to 3.15 as provided by the host.  In both cases
/proc as well as all of the contents was owned by root.

shinji at icarus:~$ uname -a
Linux icarus.robertpendell.com 3.14.4-x86_64-linode40 #1 SMP Tue May
13 12:25:05 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
shinji at icarus:~$ ls -ld /proc
dr-xr-xr-x 124 root root 0 May 23 19:26 /proc

shinji at icarus:~$ uname -a
Linux icarus.robertpendell.com 3.15.4-x86_64-linode45 #1 SMP Mon Jul 7
08:42:36 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
shinji at icarus:~$ ls -ld /proc
dr-xr-xr-x 98 root root 0 Jul 31 18:09 /proc

Robert Pendell
shinji at elite-systems.org
A perfect world is one of chaos.


On Thu, Jul 31, 2014 at 10:59 AM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Tiit Kaeeli (kaeeli at quretec.com):
>> On Mon, 28 Jul 2014, Tiit Kaeeli wrote:
>>
>> >Hi,
>> >
>> >I am having a little issue setting kernel.shmmax in an LXC
>> >unprivileged container (lxc=1.0.4-0ubuntu0.1)
>> >
>> >In https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1021411
>> >it is stated that it should be possible since lxc 0.7.5-3ubuntu60
>> >At least there is no information that it will only apply to
>> >privileged containers.
>> >
>> >I have also tried disabling apparmor and adding
>> >lxc.mount.auto = proc:rw sys:rw
>> >to container conf.
>> >
>> >But still
>> >sysctl: permission denied on key 'kernel.shmmax'
>> >At the same time setting for example
>> >net.ipv6.conf.all.disable_ipv6 succeeds!
>> >
>> >mount -o remount,rw -t proc /proc /proc
>> >mount: permission denied
>> >
>> >/proc/ is owned by nobody.nogroup
>> >
>> >What am I missing?
>>
>>
>> Any ideas? Can this be done at all on unprivileged containers?
>
> Hi,
>
> which kernel are you on?
>
> I've just noticed that on my utopic (3.16 kernel) laptop I have the
> same problem.  All of /proc is owned by nobody:nogroup.  On my 3.13
> kernel /proc is owned by root, including /proc/sys/kernel/shmmax.
>
> So this looks like a new kernel bug.
>
> -serge

