On Fri, Jun 8, 2012 at 2:58 PM, Daniel Lezcano <daniel.lezc...@free.fr> wrote:
> On 06/07/2012 12:45 PM, Jan Den Ouden wrote:
>> Hi,
>>
>> About a week ago I posted exactly the same question on this list, but I
>> didn't get any responses. I have googled high and low for the answer to
>> this, but no result. It's not related to capabilities, because you can only
>> drop capabilities, not add them. It's not related to the cgroup memory
>> controller, because that seems to deal with total memory, not shared
>> memory. Therefore, I think it's a bug.
>
> I tried on a 3.0.0 kernel version and that works. Isn't it possible this is
> related to AppArmor?

Yep, that should be it, as with apparmor disabled the
following works in the guest container on my test system:

# cat /proc/sys/kernel/shmmax
33554432
# echo 335544320 > /proc/sys/kernel/shmmax
# cat /proc/sys/kernel/shmmax
335544320

However the apparmor problem might not seem obvious because there's no
apparmor warning in syslog when you try to set shmmax with apparmor
enabled. Also:
(1) If you ONLY uncomment "lxc.aa_profile=unconfined" (with apparmor
still enabled), lxc-start fails with
lxc-start: No such file or directory - failed to change apparmor
profile to unconfined
(2) If you ONLY add an /etc/apparmor.d/usr.bin.lxc-start symlink in
/etc/apparmor.d/disable, you still get the permission denied error
(3) If you ONLY disable apparmor entirely (/etc/init.d/apparmor
teardown), lxc-start fails with
lxc-start: No such file or directory - failed to change apparmor
profile to lxc-container-default
(4) Combining (1) and (2), or (1) and (3), you can set shmmax from
inside the guest container

so there's probably still a bug (or more) in Ubuntu's apparmor-lxc combo.

-- 
Fajar
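The checks Fajar did by hand (is AppArmor active, which profile confines the shell, can kernel.shmmax be written) can be scripted so that the result is one unambiguous line. The script below is an added example, not code from the thread or from the LXC project; the three kernel interfaces it reads are real, but the function names and the idea of testing write access by writing the current value back are this example's own. Explicit `deny` rules in an AppArmor profile are quiet unless written as `audit deny`, which is consistent with the missing syslog warning Fajar mentions, so the confinement label from /proc/self/attr/current is better evidence than the log.

```shell
#!/bin/sh
# Added diagnostic (not from the mailing-list thread). Every path is a
# parameter with the real kernel interface as default, so the functions can
# also be exercised against constructed files.

# AppArmor reports Y or N here when the LSM is built in and loaded.
AA_ENABLED_FILE=/sys/module/apparmor/parameters/enabled
# Confinement label of the calling task, e.g. "unconfined" or
# "lxc-container-default (enforce)".
AA_LABEL_FILE=/proc/self/attr/current
SHMMAX_FILE=/proc/sys/kernel/shmmax

# apparmor_enabled [file]: exit 0 if AppArmor is active on this kernel.
apparmor_enabled() {
    f=${1:-$AA_ENABLED_FILE}
    [ -r "$f" ] && [ "$(cat "$f")" = "Y" ]
}

# apparmor_label [file]: print the confinement label, "unknown" if unreadable.
apparmor_label() {
    f=${1:-$AA_LABEL_FILE}
    if [ -r "$f" ]; then
        tr -d '\n' < "$f"
    else
        printf 'unknown'
    fi
}

# shmmax_writable [file]: exit 0 if the current value can be written back.
# Writing the value that is already there proves write permission without
# changing the setting (a denial shows up as a failed redirection).
shmmax_writable() {
    f=${1:-$SHMMAX_FILE}
    cur=$(cat "$f" 2>/dev/null) || return 1
    echo "$cur" > "$f" 2>/dev/null
}

# One-line summary; run inside the container to see what the guest gets.
report() {
    if apparmor_enabled; then aa=enabled; else aa=disabled; fi
    if shmmax_writable; then w=writable; else w=denied; fi
    printf 'apparmor=%s label="%s" shmmax=%s\n' "$aa" "$(apparmor_label)" "$w"
}

report
```

Run it once on the host and once inside the guest: a label of "lxc-container-default (enforce)" together with shmmax=denied, while the host shows writable, points at the profile rather than at the cgroup memory controller or capabilities.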

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users