Hello, I have a standard setup of an LXC container: name "dev-c10" with option "lxc.mount.auto = cgroup:ro proc:mixed sys:mixed".

Mounts from inside:

# mount
/dev/loop0 on / type ext4 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
cgroup on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type tmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /sys/fs/pstore type pstore (rw)
proc on /proc/sys/net type proc (rw,noexec,nosuid,nodev,relatime)
proc on /proc/sys type proc (rw,noexec,nosuid,nodev,relatime)
proc on /proc/sysrq-trigger type proc (rw,noexec,nosuid,nodev,relatime)
sysfs on /sys/devices/virtual/net type sysfs (rw,relatime)
none on /sys/fs/cgroup/cgmanager type tmpfs (rw,relatime,size=4k,mode=755)
devpts on /dev/lxc/console type devpts (rw,noexec,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
devpts on /dev/lxc/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=666)
devpts on /dev/lxc/tty2 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=666)
devpts on /dev/lxc/tty3 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=666)
devpts on /dev/lxc/tty4 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=666)
none on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)

Limit 3G memory for the container:

# cat /sys/fs/cgroup/memory/lxc/dev-c10/memory.memsw.limit_in_bytes
3221225472

Increasing memory limit from inside the container:

# echo 32212254720 > /sys/fs/cgroup/memory/lxc/dev-c10/memory.memsw.limit_in_bytes
# cat /sys/fs/cgroup/memory/lxc/dev-c10/memory.memsw.limit_in_bytes
32212254720

So I can modify memory limit from inside the container.

What's interesting, I can also modify those values via cgmanager:

# cgm getvalue memory '/lxc/dev-c10' memory.memsw.limit_in_bytes
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   string "32212254720"
# cgm setvalue memory '/lxc/dev-c10' memory.memsw.limit_in_bytes 3221225472
method return sender=(null sender) -> dest=(null destination) reply_serial=1
# cgm getvalue memory '/lxc/dev-c10' memory.memsw.limit_in_bytes
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   string "3221225472"

I've tried a couple of different lxc versions like: 1.07, 1.12, 1.13 with the same result.

The question is how to prevent changing values like memory limits from inside the container?

Thanks!
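
As an added example (not part of the original message), this is a check that can be run inside a container to list cgroup-related mounts that are read-write, parsing the `mount` output format shown in the post. The function name and the final sample line (an `ro` mount) are constructed for illustration; the other sample lines are copied from the post.

```shell
#!/bin/sh
# Added example: audit `mount`-format output for writable cgroup mounts.
# Live use inside the container:  mount | writable_cgroup_mounts

# Print the mount point of every cgroup-related mount that is read-write.
# Input (stdin): lines of the form "<src> on <dir> type <fstype> (<opts>)".
writable_cgroup_mounts() {
    while read -r src _on dir _type fstype opts; do
        # Keep the cgroup hierarchy root, anything mounted below it,
        # and any mount of filesystem type "cgroup" wherever it lives.
        case "$dir" in
            /sys/fs/cgroup|/sys/fs/cgroup/*) ;;
            *) [ "$fstype" = cgroup ] || continue ;;
        esac
        # Strip the surrounding parentheses, then match "rw" as a whole
        # option so that e.g. "rw" inside another word is not counted.
        opts=${opts#"("}
        opts=${opts%")"}
        case ",$opts," in
            *,rw,*) printf '%s\n' "$dir" ;;
        esac
    done
}

# Sample input: first four lines are from the post, the last is constructed
# to show what a read-only controller mount looks like to the parser.
SAMPLE_MOUNTS='proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
cgroup on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/cgroup/cgmanager type tmpfs (rw,relatime,size=4k,mode=755)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,relatime,memory)'

# Report the writable cgroup mounts found in the sample.
printf '%s\n' "$SAMPLE_MOUNTS" | writable_cgroup_mounts
```

This only covers the filesystem view; the post also shows the limit changing through `cgm setvalue`, which a mount-option check does not detect.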
