On Wed, Sep 9, 2015 at 10:32 PM, tapczan <[email protected]> wrote:
> Increasing memory limit from inside the container:
>
> # echo 32212254720 > /sys/fs/cgroup/memory/lxc/dev-c10/memory.memsw.limit_in_bytes
> # cat /sys/fs/cgroup/memory/lxc/dev-c10/memory.memsw.limit_in_bytes
> 32212254720
>
> So I can modify the memory limit from inside the container.
>
> What's interesting is that I can also modify those values via cgmanager:
>
> # cgm getvalue memory '/lxc/dev-c10' memory.memsw.limit_in_bytes
> method return sender=(null sender) -> dest=(null destination) reply_serial=1
>    string "32212254720"
>
> # cgm setvalue memory '/lxc/dev-c10' memory.memsw.limit_in_bytes 3221225472
> method return sender=(null sender) -> dest=(null destination) reply_serial=1
>
> # cgm getvalue memory '/lxc/dev-c10' memory.memsw.limit_in_bytes
> method return sender=(null sender) -> dest=(null destination) reply_serial=1
>    string "3221225472"
>
> I've tried a couple of different lxc versions like: 1.07, 1.12, 1.13
> with the same result.
>
> The question is how to prevent changing values like memory limits from
> inside the container?

I think this is one of the consequences of a privileged container.
Unprivileged containers correctly prevent that.

From inside the container (I use memory.soft_limit_in_bytes as an example
because my kernel doesn't have memsw.limit_in_bytes):

root@trusty:/# cat /proc/self/cgroup
12:name=systemd:/user/1000.user/193.session/lxc/trusty
11:perf_event:/user/1000.user/193.session/lxc/trusty
10:net_prio:/user/1000.user/193.session/lxc/trusty
9:net_cls:/user/1000.user/193.session/lxc/trusty
8:memory:/user/1000.user/193.session/lxc/trusty
7:hugetlb:/user/1000.user/193.session/lxc/trusty
6:freezer:/user/1000.user/193.session/lxc/trusty
5:devices:/user/1000.user/193.session/lxc/trusty
4:cpuset:/user/1000.user/193.session/lxc/trusty
3:cpuacct:/user/1000.user/193.session/lxc/trusty
2:cpu:/user/1000.user/193.session/lxc/trusty
1:blkio:/user/1000.user/193.session/lxc/trusty

root@trusty:/# cgm getvalue memory . memory.soft_limit_in_bytes
1073741824

root@trusty:/# cgm setvalue memory . memory.soft_limit_in_bytes 2147483648
call to cgmanager_set_value_sync failed: invalid request

This is with lxc-1.1.3, cgmanager 0.37

-- 
Fajar
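
The privileged/unprivileged distinction discussed in this thread can be checked from inside a container. The script below is an added example, not part of the original messages or of LXC or cgmanager; the function names (cgroup_path, root_is_host_root, writable_limits, audit) are made up for illustration, and it assumes a cgroup v1 memory hierarchy mounted at /sys/fs/cgroup/memory.

```shell
#!/bin/sh
# Added example (not from the thread): report whether root in this container is
# host root and which cgroup v1 memory limit files it could rewrite directly.

# Print the cgroup path of controller $1 from a /proc/<pid>/cgroup-format file $2.
cgroup_path() {
    awk -F: -v want="$1" '{
        n = split($2, ctrl, ",")            # field 2 may list several controllers
        for (i = 1; i <= n; i++)
            if (ctrl[i] == want) { sub(/^[^:]*:[^:]*:/, ""); print; exit }
    }' "$2"
}

# Succeed if uid 0 here maps to uid 0 outside (uid_map-format file $1), which is
# the privileged-container case. Heuristic: nested user namespaces are not handled.
root_is_host_root() {
    awk '$1 == 0 && $2 == 0 { hit = 1 } END { exit !hit }' "$1"
}

# Print, comma-separated, the limit files under mount root $2 and cgroup path $1
# that the caller may write. Access through cgmanager (cgm setvalue) is not probed.
writable_limits() {
    out=
    for f in memory.limit_in_bytes memory.memsw.limit_in_bytes memory.soft_limit_in_bytes; do
        [ -w "$2$1/$f" ] && out="$out${out:+,}$f"
    done
    echo "$out"
}

# One-line verdict. Defaults are the live files; arguments allow offline checks.
audit() {
    cg=${1:-/proc/self/cgroup} map=${2:-/proc/self/uid_map} root=${3:-/sys/fs/cgroup/memory}
    path=$(cgroup_path memory "$cg")
    if root_is_host_root "$map"; then kind=privileged; else kind=unprivileged; fi
    echo "$kind memory:$path writable:$(writable_limits "$path" "$root")"
}

# Run against the live system when the cgroup file is available.
if [ -r /proc/self/cgroup ]; then audit; fi
```

A "privileged" verdict with a non-empty writable list corresponds to the situation in the quoted message, where the limits can be raised from inside the container.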
