[lxc-users] oracle linux 7 in LXC: ulimit problem for root
Saint Michael
venefax at gmail.com
Wed Nov 25 16:01:15 UTC 2015
This is an important issue.
On Wed, Nov 25, 2015 at 10:54 AM, Harald Dunkel <harald.dunkel at aixigo.de>
wrote:
> On 11/25/2015 02:27 PM, Tamas Papp wrote:
> >
> >
> > On 11/25/2015 02:07 PM, Harald Dunkel wrote:
> >> On 11/25/2015 12:33 PM, Tamas Papp wrote:
> >>> Check out /etc/security/limits.d/ too.
> >>>
> >> Very helpful hint, but there is just a file
> >> 20-nproc.conf. Its all commented out:
> >>
> >> #* soft nproc 4096
> >> #root soft nproc unlimited
> >>
> >>
> >
> > Why are you sure, that it's something about the limits?
> > What do you see actually?
> >
>
> Very easy: Using
>
> #* hard nofile 65536
>
> in limits.conf I can login as root via ssh. With
>
> * hard nofile 65536
>
> ssh logins as root don't work. Sample session:
>
> # ssh lxc1
> Last login: Wed Nov 25 11:00:21 2015 from linux.example.com
> Connection to lxc1 closed.
> #
>
> The system log shows
>
> Nov 25 11:08:58 lxc1.example.com sshd[186]:
> pam_limits(sshd:session): Could not set limit for 'nofile': Operation not
> permitted
> Nov 25 11:08:58 lxc1.example.com sshd[186]:
> pam_unix(sshd:session): session opened for user root by (uid=0)
> Nov 25 11:08:58 lxc1.example.com sshd[186]: error: PAM:
> pam_open_session(): Permission denied
>
> The documentation for limits.conf states clearly that a wildcard
> construct like
>
> * hard nofile 65536
>
> does *not* apply to root. IMHO it shouldn't fail.
>
>
> :-{
> Harri
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20151125/a5b9724a/attachment.html>
More information about the lxc-users
mailing list