Actually, this is wrong. (Should be lxc.sysctl.* not lxc.sysfs.*) sorry > On January 4, 2019 at 11:29 AM Wolfgang Bumiller <w.bumil...@proxmox.com> > wrote: > > > According to namespaces(7) these should be namespaced (iow. > changing these values on the host they are not propagated to > running containers), so it makes sense to whitelist them. > > Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> > Link: https://github.com/lxc/lxc/issues/989 > --- > src/PVE/LXC/Config.pm | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm > index 56082dd..610adf3 100644 > --- a/src/PVE/LXC/Config.pm > +++ b/src/PVE/LXC/Config.pm > @@ -509,6 +509,17 @@ my $valid_lxc_conf_keys = { > 'lxc.start.order' => 1, > 'lxc.group' => 1, > 'lxc.environment' => 1, > + > + # All these are namespaced via CLONE_NEWIPC (see namespaces(7)). > + 'lxc.sysfs.fs.mqueue' => 1, > + 'lxc.sysfs.kernel.msgmax' => 1, > + 'lxc.sysfs.kernel.msgmnb' => 1, > + 'lxc.sysfs.kernel.msgmni' => 1, > + 'lxc.sysfs.kernel.sem' => 1, > + 'lxc.sysfs.kernel.shmall' => 1, > + 'lxc.sysfs.kernel.shmmax' => 1, > + 'lxc.sysfs.kernel.shmmni' => 1, > + 'lxc.sysfs.kernel.shm_rmid_forced' => 1, > }; > > my $deprecated_lxc_conf_keys = { > -- > 2.11.0 > > > _______________________________________________ > pve-devel mailing list > pve-devel@pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
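Review bot: all nine keys added to $valid_lxc_conf_keys in the hunk at @@ -509,6 +509,17 @@ use the prefix 'lxc.sysfs.', while the follow-up at the top of this message says the prefix should be 'lxc.sysctl.', so as posted the whitelist would not admit a container config line such as lxc.sysctl.kernel.shmmax. Please respin with every added entry renamed, e.g. 'lxc.sysctl.kernel.shmmax' => 1. Separately, the first entry ends at 'fs.mqueue', which is a directory under /proc/sys rather than a single setting (the tunables are fs.mqueue.msg_max, fs.mqueue.msgsize_max, fs.mqueue.queues_max and so on). If $valid_lxc_conf_keys is consulted by exact key match, that entry would not permit any real mqueue setting; either list the leaf names or confirm that the lookup is prefix-based. Keeping the list to the CLONE_NEWIPC-scoped names, as the in-code comment states, is the right scope for a whitelist, since a sysctl that is not namespaced would change host-wide state from a container config.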