[lxc-users] not allowed to change kernel parameters inside container

Saint Michael venefax at gmail.com
Sun May 26 01:28:24 UTC 2019


Thanks
Finally some help!

On Sat, May 25, 2019 at 9:07 PM Stéphane Graber <stgraber at ubuntu.com> wrote:

> On Sat, May 25, 2019 at 02:02:59PM -0400, Saint Michael wrote:
> > Thanks to all. I am sorry I touched a heated point. For me using
> > hard-virtualization for Linux apps is dementia. It should be kept only for
> > Windows VMs.
> > For me, the single point of using LXC is to be able to redeploy a complex
> > app from host to host in a few minutes. I use one-host->one-Container. So
> > what is the issue of giving all power to the containers?
> >
> > On Sat, May 25, 2019 at 1:56 PM jjs - mainphrame <jjs at mainphrame.com> wrote:
> >
> > > Given the developers' stance, perhaps a temporary workaround is in order,
> > > e.g. ssh-key root login to physical host e.g. "ssh <host> sysctl key=value..."
> > >
> > > Jake
> > >
> > > On Mon, May 20, 2019 at 9:25 AM Saint Michael <venefax at gmail.com> wrote:
> > >
> > >> I am trying to use sysctl -p inside an LXC container and it says
> > >> read only file system
> > >> how do I give my container all possible rights?
> > >> Right now I have
> > >>
> > >> lxc.mount.auto = cgroup:mixed
> > >> lxc.tty.max = 10
> > >> lxc.pty.max = 1024
> > >> lxc.cgroup.devices.allow = c 1:3 rwm
> > >> lxc.cgroup.devices.allow = c 1:5 rwm
> > >> lxc.cgroup.devices.allow = c 5:1 rwm
> > >> lxc.cgroup.devices.allow = c 5:0 rwm
> > >> lxc.cgroup.devices.allow = c 4:0 rwm
> > >> lxc.cgroup.devices.allow = c 4:1 rwm
> > >> lxc.cgroup.devices.allow = c 1:9 rwm
> > >> lxc.cgroup.devices.allow = c 1:8 rwm
> > >> lxc.cgroup.devices.allow = c 136:* rwm
> > >> lxc.cgroup.devices.allow = c 5:2 rwm
> > >> lxc.cgroup.devices.allow = c 254:0 rwm
> > >> lxc.cgroup.devices.allow = c 10:137 rwm # loop-control
> > >> lxc.cgroup.devices.allow = b 7:* rwm    # loop*
> > >> lxc.cgroup.devices.allow = c 10:229 rwm #fuse
> > >> lxc.cgroup.devices.allow = c 10:200 rwm #docker
> > >> #lxc.cgroup.memory.limit_in_bytes = 92536870910
> > >> lxc.apparmor.profile= unconfined
> > >> lxc.cgroup.devices.allow= a
> > >> lxc.cap.drop=
> > >> lxc.cgroup.devices.deny=
> > >> #lxc.mount.auto= proc:rw sys:ro cgroup:ro
> > >> lxc.autodev= 1
>
> Set:
>
> lxc.mount.auto=
> lxc.mount.auto=proc:rw sys:rw cgroup:rw
> lxc.apparmor.profile=unconfined
>
>
> This for a privileged container should allow all writes through /proc and
> /sys.
> As some pointed out, not usually a good idea for a container, but given
> it's the only thing on your system, that may be fine.
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
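As an added example, not part of the original thread or of LXC itself: a small audit that resolves the settings discussed above in file order and reports which isolation-weakening ones end up in effect, so a host running such a container can be reviewed deliberately. It assumes that an empty `lxc.mount.auto=` resets the list (as the reply's snippet relies on), that a later token for the same mount group replaces an earlier one, and that `#` starts a comment; the function names and the sample are constructed.

```python
# Constructed sample: the settings from the reply above plus lines
# from the original poster's config. Later lines override earlier ones.
SAMPLE = """\
lxc.mount.auto = cgroup:mixed
lxc.cgroup.devices.allow = c 10:229 rwm #fuse
lxc.cgroup.devices.allow= a
lxc.cap.drop=
lxc.mount.auto=
lxc.mount.auto=proc:rw sys:rw cgroup:rw
lxc.apparmor.profile=unconfined
"""

def effective(text):
    """Return (auto-mount mode per group, every value seen per key, in order)."""
    mounts, seen = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        seen.setdefault(key, []).append(value)
        if key == "lxc.mount.auto":
            if not value:  # empty value resets the list (as in the reply)
                mounts.clear()
            for token in value.split():
                group, _, mode = token.partition(":")
                mounts[group] = mode  # "" when no mode suffix was given
    return mounts, seen

def audit(text):
    """List the isolation-weakening settings in effect after all lines apply."""
    mounts, seen = effective(text)
    findings = [f"{group} mounted read-write"
                for group in ("proc", "sys", "cgroup") if mounts.get(group) == "rw"]
    if seen.get("lxc.apparmor.profile", [""])[-1] == "unconfined":
        findings.append("AppArmor unconfined")
    if "a" in seen.get("lxc.cgroup.devices.allow", []):
        findings.append("all devices allowed")
    if seen.get("lxc.cap.drop", ["unset"])[-1] == "":
        findings.append("capability drop list cleared")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

Only an explicit `:rw` mode is flagged; a bare `proc`, `sys` or `cgroup` token is recorded with an empty mode and left for manual review.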