According to namespaces(7), these should be namespaced (in other words, changes to these values on the host are not propagated to running containers), so it makes sense to whitelist them.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
Link: https://github.com/lxc/lxc/issues/989
---
 src/PVE/LXC/Config.pm | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 56082dd..610adf3 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -509,6 +509,17 @@ my $valid_lxc_conf_keys = {
 'lxc.start.order' => 1,
 'lxc.group' => 1,
 'lxc.environment' => 1,
+
+ # All these are namespaced via CLONE_NEWIPC (see namespaces(7)).
+ 'lxc.sysfs.fs.mqueue' => 1,
+ 'lxc.sysfs.kernel.msgmax' => 1,
+ 'lxc.sysfs.kernel.msgmnb' => 1,
+ 'lxc.sysfs.kernel.msgmni' => 1,
+ 'lxc.sysfs.kernel.sem' => 1,
+ 'lxc.sysfs.kernel.shmall' => 1,
+ 'lxc.sysfs.kernel.shmmax' => 1,
+ 'lxc.sysfs.kernel.shmmni' => 1,
+ 'lxc.sysfs.kernel.shm_rmid_forced' => 1,
 };
 
 my $deprecated_lxc_conf_keys = {
-- 
2.11.0
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
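Review bot: All nine added keys use the prefix `lxc.sysfs.`, but lxc.container.conf(5) documents kernel-parameter settings under `lxc.sysctl.<name>`, so as written these entries probably never match a key LXC understands. If that is a typo, the lines should read like `'lxc.sysctl.kernel.shmmax' => 1,`. Separately, `fs.mqueue` is a directory of parameters (namespaces(7) lists `/proc/sys/fs/mqueue`), not a single value. If `$valid_lxc_conf_keys` is consulted by exact key, that entry would not admit something like `fs.mqueue.msg_max`; the lookup is outside this hunk, so please confirm whether it is exact or prefix-based. Because this hash is the allowlist for raw `lxc.*` keys, I would also extend the comment to state the admission rule, e.g. `# Only list sysctls that are per-namespace; do not add host-global ones here.`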