On 1/4/19 12:35 PM, Wolfgang Bumiller wrote: > According to namespaces(7) these should be namespaced (iow. > changing these values on the host they are not propagated to > running containers), so it makes sense to whitelist them. > > Note that these only work when also using > 'lxc.mount.auto: proc:rw' > > Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> > Link: https://github.com/lxc/lxc/issues/989 > --- > Changes to v2: > * lxc.sysfs -> lxc.sysctl > * Added a note about the required lxc.mount.auto entry to the commit > message > > src/PVE/LXC/Config.pm | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm > index 56082dd..061ec8e 100644 > --- a/src/PVE/LXC/Config.pm > +++ b/src/PVE/LXC/Config.pm > @@ -509,6 +509,17 @@ my $valid_lxc_conf_keys = { > 'lxc.start.order' => 1, > 'lxc.group' => 1, > 'lxc.environment' => 1, > + > + # All these are namespaced via CLONE_NEWIPC (see namespaces(7)). > + 'lxc.sysctl.fs.mqueue' => 1, > + 'lxc.sysctl.kernel.msgmax' => 1, > + 'lxc.sysctl.kernel.msgmnb' => 1, > + 'lxc.sysctl.kernel.msgmni' => 1, > + 'lxc.sysctl.kernel.sem' => 1, > + 'lxc.sysctl.kernel.shmall' => 1, > + 'lxc.sysctl.kernel.shmmax' => 1, > + 'lxc.sysctl.kernel.shmmni' => 1, > + 'lxc.sysctl.kernel.shm_rmid_forced' => 1, > }; > > my $deprecated_lxc_conf_keys = { >
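Review bot: 'lxc.sysctl.fs.mqueue' in the new block names a sysctl directory rather than a single value, unlike the kernel.* entries beside it; the settings under it are leaves such as fs.mqueue.msg_max. The hunk does not show how $valid_lxc_conf_keys is consulted, so if the lookup is an exact key match, a config line like lxc.sysctl.fs.mqueue.msg_max would still be rejected; either list the leaf keys or confirm that the check matches by prefix. The commit message's requirement of 'lxc.mount.auto: proc:rw' is also worth repeating in the code comment next to the CLONE_NEWIPC note, since someone reading Config.pm will not see it otherwise.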
applied, thanks!