[lxc-users] sysctl -p fails again in container with 1.1.2-0ubuntu3~ubuntu14.04.1~ppa1 ?

Serge Hallyn serge.hallyn at ubuntu.com
Fri May 1 09:57:27 UTC 2015


Quoting Serge Hallyn (serge.hallyn at ubuntu.com):
> Quoting Dan Kegel (dank at kegel.com):
> > On April 23rd, I started seeing this on my ubuntu 14.04 system in an lxc guest:
> > $ sudo /sbin/sysctl -p
> > sysctl: setting key "kernel.sem": Read-only file system
> > 
> > Didn't we go through this last year?  :-)
> > http://comments.gmane.org/gmane.linux.kernel.containers.lxc.devel/7886
> > Back then, the symptom was different:
> > sysctl: permission denied on key 'kernel.sem'
> > 
> > So maybe this is a different problem.
> 
> Ah, yes it is.  This is because proc:mixed causes /proc/sys to be
> mounted read-only.

Assuming you are running apparmor-enabled, it should be fine to just
run with 'lxc.mount.auto = proc:rw' instead of 'proc:mixed' or 'proc:ro'.
We could and perhaps will add extra rw bind mounts to allow writing
to the namespaced ipc sysctl files, but really I'd rather not...

> Perhaps we should check whether the container is apparmor-protected
> and relax that if so?
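The failure above comes from `/proc/sys` being a separate read-only mount under `proc:mixed`, so `sysctl -p` cannot write `kernel.sem` even when the key itself is namespaced. As an added check that is not part of this thread, the POSIX shell script below reads a `mountinfo` listing (the format of `/proc/self/mountinfo`) and reports whether `/proc/sys` is writable, so a container can be diagnosed before changing `lxc.mount.auto`. The two sample listings are constructed to resemble what `proc:mixed` and `proc:rw` produce; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the lxc-users thread: decide whether
# `sysctl -p` would fail with "Read-only file system" by inspecting
# how /proc/sys is mounted. Use with the live system as:
#   proc_sys_writable "$(cat /proc/self/mountinfo)"

# Print the mount mode ("ro" or "rw") of the mount at mount point $1,
# or "absent" if nothing is mounted there. Reads mountinfo text on stdin.
# mountinfo fields: id parent maj:min root mountpoint opts ... - fstype src superopts
# The last matching entry wins, which matches the kernel's mount stacking order.
mount_mode() {
    awk -v mp="$1" '
        $5 == mp { split($6, opts, ","); mode = opts[1] }
        END { print (mode == "" ? "absent" : mode) }
    '
}

# Return 0 when /proc/sys can be written to, 1 otherwise.
# $1 is the full mountinfo text.
proc_sys_writable() {
    mode=$(printf '%s\n' "$1" | mount_mode /proc/sys)
    if [ "$mode" = "ro" ]; then
        return 1
    fi
    # No separate /proc/sys mount: it inherits the mode of /proc itself.
    [ "$mode" = "absent" ] && mode=$(printf '%s\n' "$1" | mount_mode /proc)
    [ "$mode" = "rw" ]
}

# Constructed sample resembling lxc.mount.auto = proc:mixed:
# /proc is rw, but /proc/sys and /proc/sysrq-trigger are re-mounted read-only.
MIXED_MOUNTINFO='36 35 0:16 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
37 36 0:16 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
38 36 0:16 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw'

# Constructed sample resembling lxc.mount.auto = proc:rw: a single rw /proc mount.
RW_MOUNTINFO='36 35 0:16 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw'

for sample in "$MIXED_MOUNTINFO" "$RW_MOUNTINFO"; do
    if proc_sys_writable "$sample"; then
        echo "/proc/sys writable: sysctl -p can set kernel.sem"
    else
        echo "/proc/sys read-only: sysctl -p will fail on kernel.sem"
    fi
done
```

The check only answers the mount question; with `proc:rw` the write still has to pass the kernel's own namespace rules for that key, which is why the thread ties the relaxation to running under apparmor.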