On Thu, 9 Oct 2014 16:05:19 +0000 Serge Hallyn <[email protected]> wrote:
> Quoting Bertrand Paquet ([email protected]): > > Hi all, > > > > I have noticed that changing the overcommit > > (/proc/sys/vm/overcommit_memory) mode inside a container change the > > overcommit mode of the host. Is it normal ? > > Yes, sadly those are not namespaced. The apparmor (and hopefully > selinux, I'm not sure bc I'm not sure what the selinux type on that > file is) profiles don't allow writing to those. Yep, the selinux policy doesn't allow lxc_t to write to sysctl_vm_t either. > > For /proc/sys/kernel/shmmax, the value seems to be local to the > > container. > > > > Regards, > > > > Bertrand > > > > PS : my LXC version : 1.0.1 > > > _______________________________________________ > > lxc-users mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-users > > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
