[lxc-users] not allowed to change kernel parameters inside container

Saint Michael venefax at gmail.com
Tue May 28 12:43:12 UTC 2019


I actually think that lxc.net.0.type = none is the solution to all my
problems. All I need to access my host is to use a different SSH port.
I didn't know this one. Thanks to all of you.



On Tue, May 28, 2019 at 1:47 AM Fajar A. Nugraha <list at fajar.net> wrote:

> On Tue, May 28, 2019 at 12:39 PM Saint Michael <venefax at gmail.com> wrote:
>
>> This
>> "host and container can't have services run on the same port (e.g. if you
>> want sshd on both host and container, you need to change the listening port
>> for one of them)"
>> is untrue.
>> Each container in my case has a different IP address, the host has
>> another one, and I run SSHD inside each container just fine.
>>
>>
> That is indeed the case for normal container setup. However you repeatedly
> said you want to be able to set net.core.rmem_max (and friends) from inside
> the container, which requires a not-normal setup.
>
> If you want to be able to do that from inside the container, you need the
> container to share host networking (lxc.net.0.type = none). It comes with
> its own consequences, thus the warnings above.
>
> If you want to keep having separate IP for the host and container, then
> you can't set net.core.rmem_max from inside the container. However, as
> someone pointed out earlier, you can simply set up passwordless ssh, and have
> the container set it using ssh to the host during boot time.
>
> --
> Fajar
>
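
Added example, not part of either message above: if the passwordless-SSH route mentioned in the quoted reply is used, the host's authorized_keys entry can be pinned to a forced command so the container's key can only set allowlisted sysctls on the host. The script path, the key comment, the second allowlisted key and the value ceiling are assumptions.

```shell
#!/bin/sh
# Host-side forced command for the container's boot-time SSH key.
# Assumed install path: /usr/local/sbin/ct-sysctl (hypothetical).
# Host authorized_keys entry (key material is a placeholder):
#   restrict,command="/usr/local/sbin/ct-sysctl" ssh-ed25519 <PUBKEY> ct-boot
# Container side, at boot (HOST is a placeholder):
#   ssh root@HOST net.core.rmem_max=16777216

# net.core.rmem_max is the key named in the thread; wmem_max is an assumed
# example of its "friends". MAX_VALUE is an assumed ceiling (256 MiB).
ALLOWED_KEYS="net.core.rmem_max net.core.wmem_max"
MAX_VALUE=268435456

# validate_request "<key>=<value>": 0 if the request may be applied, else 1.
validate_request() {
    req=$1
    case $req in
        *[!a-z0-9._=]*) return 1 ;;  # no spaces, quotes, ';', '$', newlines
        *=*) ;;
        *) return 1 ;;
    esac
    key=${req%%=*}
    val=${req#*=}
    case $val in
        ''|*[!0-9]*) return 1 ;;     # digits only (also rejects a second '=')
    esac
    [ "${#val}" -le 10 ] || return 1 # keep the comparison within integer range
    [ "$val" -le "$MAX_VALUE" ] || return 1
    for k in $ALLOWED_KEYS; do
        [ "$k" = "$key" ] && return 0
    done
    return 1
}

# sshd puts whatever the client asked to run in SSH_ORIGINAL_COMMAND; the
# forced command decides what actually runs. Unset means nothing was requested.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if validate_request "$SSH_ORIGINAL_COMMAND"; then
        exec sysctl -w "$SSH_ORIGINAL_COMMAND"
    fi
    echo "ct-sysctl: request rejected" >&2
    exit 1
fi
```

With `restrict` on the key entry, a compromised container holding this key gets no shell, PTY or port forwarding on the host, only the ability to set the listed values.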

