On Sat, May 25, 2019 at 02:02:59PM -0400, Saint Michael wrote:
> Thanks to all. I am sorry I touched a heated point. For me using
> hard-virtualization for Linux apps is dementia. It should be kept only for
> Windows VMs.
> For me, the single point of using LXC is to be able to redeploy a complex
> app from host to host in a few minutes. I use one-host->one-Container. So
> what is the issue of giving all power to the containers?
>
> On Sat, May 25, 2019 at 1:56 PM jjs - mainphrame <j...@mainphrame.com> wrote:
>
> > Given the developers' stance, perhaps a temporary workaround is in order,
> > e.g. ssh-key root login to physical host e.g. "ssh <host> sysctl
> > key=value..."
> >
> > Jake
> >
> > On Mon, May 20, 2019 at 9:25 AM Saint Michael <vene...@gmail.com> wrote:
> >
> >> I am trying to use sysctl -p inside an LXC container and it says
> >> read only file system
> >> how do I give my container all possible rights?
> >> Right now I have
> >>
> >> lxc.mount.auto = cgroup:mixed
> >> lxc.tty.max = 10
> >> lxc.pty.max = 1024
> >> lxc.cgroup.devices.allow = c 1:3 rwm
> >> lxc.cgroup.devices.allow = c 1:5 rwm
> >> lxc.cgroup.devices.allow = c 5:1 rwm
> >> lxc.cgroup.devices.allow = c 5:0 rwm
> >> lxc.cgroup.devices.allow = c 4:0 rwm
> >> lxc.cgroup.devices.allow = c 4:1 rwm
> >> lxc.cgroup.devices.allow = c 1:9 rwm
> >> lxc.cgroup.devices.allow = c 1:8 rwm
> >> lxc.cgroup.devices.allow = c 136:* rwm
> >> lxc.cgroup.devices.allow = c 5:2 rwm
> >> lxc.cgroup.devices.allow = c 254:0 rwm
> >> lxc.cgroup.devices.allow = c 10:137 rwm # loop-control
> >> lxc.cgroup.devices.allow = b 7:* rwm # loop*
> >> lxc.cgroup.devices.allow = c 10:229 rwm #fuse
> >> lxc.cgroup.devices.allow = c 10:200 rwm #docker
> >> #lxc.cgroup.memory.limit_in_bytes = 92536870910
> >> lxc.apparmor.profile= unconfined
> >> lxc.cgroup.devices.allow= a
> >> lxc.cap.drop=
> >> lxc.cgroup.devices.deny=
> >> #lxc.mount.auto= proc:rw sys:ro cgroup:ro
> >> lxc.autodev= 1

Set:
  lxc.mount.auto=
  lxc.mount.auto=proc:rw sys:rw cgroup:rw
  lxc.apparmor.profile=unconfined

This for a privileged container should allow all writes through /proc
and /sys. As some pointed out, not usually a good idea for a container,
but given it's the only thing on your system, that may be fine.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
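
An added example, not part of the thread or of LXC itself: a small Python audit that computes the effective values of the keys discussed above and reports which ones remove isolation. It assumes that an empty assignment resets a list-type key (the reason `lxc.mount.auto=` precedes the new value in the reply); `effective`, `audit` and `SAMPLE` are hypothetical names, and the sample config is constructed from lines in the thread.

```python
# Added example (not from the thread): flag LXC settings that remove isolation.
# Assumption: an empty value resets a list-type key, as in the reply above.
LIST_KEYS = {"lxc.mount.auto", "lxc.cap.drop",
             "lxc.cgroup.devices.allow", "lxc.cgroup.devices.deny"}

def effective(config_text):
    """Apply assignments top to bottom and return {key: [values]}."""
    eff = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key in LIST_KEYS and value:
            eff.setdefault(key, []).append(value)
        elif key in LIST_KEYS:
            eff[key] = []                         # empty value clears the list
        else:
            eff[key] = [value]                    # scalar key: last one wins
    return eff

def audit(config_text):
    """Return a sorted list of findings for the effective configuration."""
    eff = effective(config_text)
    findings = []
    mounts = " ".join(eff.get("lxc.mount.auto", [])).split()
    for fs in ("proc", "sys", "cgroup"):
        if f"{fs}:rw" in mounts:
            findings.append(f"lxc.mount.auto: {fs} is writable from the container")
    if eff.get("lxc.apparmor.profile") == ["unconfined"]:
        findings.append("lxc.apparmor.profile: AppArmor confinement disabled")
    if "a" in eff.get("lxc.cgroup.devices.allow", []):
        findings.append("lxc.cgroup.devices.allow: every device node allowed")
    if eff.get("lxc.cap.drop") == []:
        findings.append("lxc.cap.drop: capability drop list cleared")
    return sorted(findings)

# Constructed sample: a few lines from the question plus the suggested settings.
SAMPLE = """\
lxc.mount.auto = cgroup:mixed
lxc.cgroup.devices.allow = c 10:229 rwm #fuse
lxc.apparmor.profile= unconfined
lxc.cgroup.devices.allow= a
lxc.cap.drop=
lxc.mount.auto=
lxc.mount.auto=proc:rw sys:rw cgroup:rw
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Because only the effective value is reported, a config that sets `proc:rw` and later resets `lxc.mount.auto` to a read-only mode produces no mount finding.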