Thanks
Finally some help!

On Sat, May 25, 2019 at 9:07 PM Stéphane Graber <stgra...@ubuntu.com> wrote:

> On Sat, May 25, 2019 at 02:02:59PM -0400, Saint Michael wrote:
> > Thanks to all. I am sorry I touched a heated point. For me using
> > hard-virtualization for Linux apps is dementia. It should be kept only for
> > Windows VMs.
> > For me, the single point of using LXC is to be able to redeploy a complex
> > app from host to host in a few minutes. I use one-host->one-Container. So
> > what is the issue of giving all power to the containers?
> >
> > On Sat, May 25, 2019 at 1:56 PM jjs - mainphrame <j...@mainphrame.com> wrote:
> >
> > > Given the developers stance, perhaps a temporary workaround is in order,
> > > e.g. ssh-key root login to physical host e.g. "ssh <host> sysctl
> > > key=value..."
> > >
> > > Jake
> > >
> > > On Mon, May 20, 2019 at 9:25 AM Saint Michael <vene...@gmail.com> wrote:
> > >
> > >> I am trying to use sysctl -p inside an LXC container and it says
> > >> read only file system
> > >> how do I give my container all possible rights?
> > >> Right now I have
> > >>
> > >> lxc.mount.auto = cgroup:mixed
> > >> lxc.tty.max = 10
> > >> lxc.pty.max = 1024
> > >> lxc.cgroup.devices.allow = c 1:3 rwm
> > >> lxc.cgroup.devices.allow = c 1:5 rwm
> > >> lxc.cgroup.devices.allow = c 5:1 rwm
> > >> lxc.cgroup.devices.allow = c 5:0 rwm
> > >> lxc.cgroup.devices.allow = c 4:0 rwm
> > >> lxc.cgroup.devices.allow = c 4:1 rwm
> > >> lxc.cgroup.devices.allow = c 1:9 rwm
> > >> lxc.cgroup.devices.allow = c 1:8 rwm
> > >> lxc.cgroup.devices.allow = c 136:* rwm
> > >> lxc.cgroup.devices.allow = c 5:2 rwm
> > >> lxc.cgroup.devices.allow = c 254:0 rwm
> > >> lxc.cgroup.devices.allow = c 10:137 rwm # loop-control
> > >> lxc.cgroup.devices.allow = b 7:* rwm # loop*
> > >> lxc.cgroup.devices.allow = c 10:229 rwm #fuse
> > >> lxc.cgroup.devices.allow = c 10:200 rwm #docker
> > >> #lxc.cgroup.memory.limit_in_bytes = 92536870910
> > >> lxc.apparmor.profile= unconfined
> > >> lxc.cgroup.devices.allow= a
> > >> lxc.cap.drop=
> > >> lxc.cgroup.devices.deny=
> > >> #lxc.mount.auto= proc:rw sys:ro cgroup:ro
> > >> lxc.autodev= 1
>
> Set:
>
> lxc.mount.auto=
> lxc.mount.auto=proc:rw sys:rw cgroup:rw
> lxc.apparmor.profile=unconfined
>
>
> This for a privileged container should allow all writes through /proc and
> /sys.
> As some pointed out, not usually a good idea for a container, but given
> it's the only thing on your system, that may be fine.
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
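A config check for the settings discussed in this thread, added here as an example (it is not from the thread or from the LXC project): it resolves the values that are in effect after the file is read top to bottom and flags those that remove confinement. It assumes that LXC treats an empty assignment such as `lxc.mount.auto=` as clearing earlier values of that key; `effective`, `findings` and the sample config are constructed for illustration.

```python
# Constructed sample: a shortened version of the poster's config plus the reply's mount lines.
SAMPLE = """\
lxc.mount.auto = cgroup:mixed
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.apparmor.profile= unconfined
lxc.cgroup.devices.allow= a
lxc.cap.drop=
#lxc.mount.auto= proc:rw sys:ro cgroup:ro
lxc.mount.auto=
lxc.mount.auto=proc:rw sys:rw cgroup:rw
"""

# Keys that accumulate over repeated lines; the first two hold space-separated tokens.
TOKEN_KEYS = {"lxc.mount.auto", "lxc.cap.drop"}
LIST_KEYS = TOKEN_KEYS | {"lxc.cgroup.devices.allow", "lxc.cgroup.devices.deny"}

def effective(text):
    """Return {key: [values]} as they stand after reading the file top to bottom."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in LIST_KEYS:
            conf[key] = [value]                      # scalar key: last assignment wins
        elif value == "":
            conf[key] = []                           # assumption: empty value clears the list
        else:
            conf.setdefault(key, []).extend(value.split() if key in TOKEN_KEYS else [value])
    return conf

def findings(text):
    """List the effective settings that remove confinement from the container."""
    conf, out = effective(text), []
    for mount in conf.get("lxc.mount.auto", []):
        if mount in ("proc:rw", "sys:rw"):
            out.append(f"lxc.mount.auto {mount}: writable from inside the container")
    if conf.get("lxc.apparmor.profile") == ["unconfined"]:
        out.append("lxc.apparmor.profile unconfined: no AppArmor confinement")
    if "a" in conf.get("lxc.cgroup.devices.allow", []):
        out.append("lxc.cgroup.devices.allow a: every device node permitted")
    if conf.get("lxc.cap.drop") == []:
        out.append("lxc.cap.drop cleared: earlier capability drops discarded")
    return out

if __name__ == "__main__":
    for item in findings(SAMPLE):
        print("WARN", item)
```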