[lxc-users] Inotify does not work in a privileged container
David Favor
david at davidfavor.com
Mon Apr 23 13:45:17 UTC 2018
Simos Xenitellis wrote:
> According to this, https://github.com/lxc/lxd/issues/2004
> the "Failed to reset devices.list ..." can be ignored.
>
> There should be some additional lines earlier (not shown) that have a
> hint towards the real issue.
>
> This "InCronD" is probably using "inotify". Search for "inotify" at
> https://github.com/lxc/lxd/blob/master/doc/production-setup.md
> to increase the relevant parameters.
>
> Simos

This is correct.

If you actually check your incrond actions, you'll find they're working.

This depends on settings of your "file watches" sysctl config. Machine
level settings apply to machine + all containers.

If you run out of watches, you'll see syslog (or your Distro equivalent)
or application log file messages about file handle or file watch exhaustion.

A good starting point for machine level settings...
https://github.com/lxc/lxd/blob/master/doc/production-setup.md

Settings I use...

net10 # cat 40-max-pids.conf
kernel.pid_max=1000000
net10 # cat 40-max-user-watches.conf
fs.inotify.max_queued_events=1048576
fs.inotify.max_user_instances=1048576
fs.inotify.max_user_watches=1048576
net10 # cat 40-raid-resync-speed.conf
dev.raid.speed_limit_max=1000
net10 # cat 40-swappiness.conf
vm.swappiness=0
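
Added example, not part of the original post: a host-side check that tallies inotify instances and watches per UID from /proc and reports users close to the fs.inotify limits discussed above. The function names, the 80% threshold and the use of the /proc/<pid> owner as the charged user are assumptions of this sketch.

```python
import os
from collections import Counter

LIMITS = ("max_user_instances", "max_user_watches")

def inotify_usage(proc_root="/proc"):
    """Tally inotify instances and watches per UID from <proc_root>/<pid>/fd*."""
    usage = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            # Assumption: the owner of /proc/<pid> approximates the user the
            # kernel charges; fds shared across forks are counted once per process.
            uid = os.stat(base).st_uid
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:  # process exited, or unreadable without root
            continue
        for fd in fds:
            try:
                if os.readlink(os.path.join(base, "fd", fd)) != "anon_inode:inotify":
                    continue
                # Each watch is one "inotify wd:..." line in fdinfo.
                with open(os.path.join(base, "fdinfo", fd)) as f:
                    watches = sum(line.startswith("inotify wd:") for line in f)
            except OSError:
                continue
            counts = usage.setdefault(uid, Counter())
            counts["max_user_instances"] += 1
            counts["max_user_watches"] += watches
    return usage

def read_limits(proc_root="/proc"):
    """Read the current fs.inotify.* limits from <proc_root>/sys/fs/inotify."""
    limits = {}
    for name in LIMITS:
        with open(os.path.join(proc_root, "sys/fs/inotify", name)) as f:
            limits[name] = int(f.read())
    return limits

def near_limit(usage, limits, threshold=0.8):
    """Return sorted (uid, limit_name, used, limit) where used >= threshold * limit."""
    return sorted((uid, name, counts[name], limits[name])
                  for uid, counts in usage.items() for name in LIMITS
                  if counts[name] >= threshold * limits[name])

if __name__ == "__main__":  # run as root on the host to see every process
    for uid, name, used, limit in near_limit(inotify_usage(), read_limits()):
        print(f"uid {uid}: {used}/{limit} of fs.inotify.{name}")
```

Seen from the host, processes in unprivileged containers appear under their mapped host UIDs.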