[lxc-users] oracle linux 7 in LXC: ulimit problem for root

Tamas Papp tompos at martos.bme.hu
Wed Nov 25 18:04:26 UTC 2015



On 11/25/2015 04:54 PM, Harald Dunkel wrote:
> On 11/25/2015 02:27 PM, Tamas Papp wrote:
>>
>> On 11/25/2015 02:07 PM, Harald Dunkel wrote:
>>> On 11/25/2015 12:33 PM, Tamas Papp wrote:
>>>> Check out /etc/security/limits.d/ too.
>>>>
>>> Very helpful hint, but there is just a file
>>> 20-nproc.conf. Its all commented out:
>>>
>>> #*          soft    nproc     4096
>>> #root       soft    nproc     unlimited
>>>
>>>
>> Why are you sure, that it's something about the limits?
>> What do you see actually?
>>
> Very easy: Using
>
> 	#* hard nofile 65536
>
> in limits.conf I can login as root via ssh. With
>
> 	* hard nofile 65536
>
> ssh logins as root don't work. Sample session:
>
> 	# ssh lxc1
> 	Last login: Wed Nov 25 11:00:21 2015 from linux.example.com
> 	Connection to lxc1 closed.
> 	#
>
> The system log shows
>
> 	Nov 25 11:08:58 lxc1.example.com sshd[186]: pam_limits(sshd:session): Could not set limit for 'nofile': Operation not permitted
> 	Nov 25 11:08:58 lxc1.example.com sshd[186]: pam_unix(sshd:session): session opened for user root by (uid=0)
> 	Nov 25 11:08:58 lxc1.example.com sshd[186]: error: PAM: pam_open_session(): Permission denied
>
> The documentation for limits.conf states clearly that a wildcard
> construct like
>
> 	* hard nofile 65536
>
> does *not* apply to root. IMHO it shouldn't fail.

Now I understand, what your problem is. I thought, you're still not able 
to login.

Yes, it's a known issue. There are other similar limitations too:)


t


More information about the lxc-users mailing list