Public bug reported:

[Impact]

 * Allow setting a lower pid_max on a per-namespace basis, to support
legacy workloads on modern hosts.

 * Cherry-pick patches from
https://gitlab.com/brauner/linux/-/commits/pid_max_namespacing/

[Test Plan]

 * Launch an LXD container and lower pid_max in the container from
outside the container by running echo 65536 >
/path/to/proc/in/c0/mnt/namespace/proc/sys/kernel/pid_max

 * Observe that pid_max is lowered inside the container relative to the
host
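
The test plan above, written out as a runnable host-side script. This is an added example, not part of the bug report or of the patch series: it assumes a kernel carrying the pid_max namespacing patches, root on the host, the `lxc` and `nsenter` tools, and that `lxc info <name>` prints a `PID:` line giving the container's init PID (that output format is an assumption). The write goes through the container's own procfs from its mount namespace (the `/path/to/proc/in/c0/mnt/namespace` of the test plan), and the observation reads the value from inside the container. The value is checked against the bounds the kernel's sysctl handler enforces for `kernel.pid_max` before anything is written.

```shell
#!/bin/sh
# Added example (not from the bug report): run the pid_max namespacing test
# plan against an LXD container from the host.
# Assumptions: patched kernel, root on the host, `lxc` and `nsenter` present,
# and `lxc info NAME` printing a "PID: <n>" line for the container's init.
set -eu

# Bounds the kernel's sysctl handler enforces for kernel.pid_max:
# pid_max_min = RESERVED_PIDS + 1 = 301, PID_MAX_LIMIT = 4194304 on 64-bit.
PID_MAX_MIN=301
PID_MAX_LIMIT=4194304

# validate_pid_max N: succeed only if N is an integer inside the kernel's range.
validate_pid_max() {
    case "${1-}" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$PID_MAX_MIN" ] && [ "$1" -le "$PID_MAX_LIMIT" ]
}

# container_init_pid NAME: host PID of the container's init process
# (assumed `lxc info` output format).
container_init_pid() {
    lxc info "$1" | awk '/^PID:/ { print $2; exit }'
}

# set_container_pid_max NAME N: the write from the test plan, performed from
# outside the container by entering only its mount namespace, so the
# /proc/sys/kernel/pid_max being written is the container's procfs instance.
set_container_pid_max() {
    validate_pid_max "$2" || {
        echo "pid_max $2 is outside $PID_MAX_MIN..$PID_MAX_LIMIT" >&2
        return 1
    }
    nsenter -t "$(container_init_pid "$1")" -m \
        sh -c "echo $2 > /proc/sys/kernel/pid_max"
}

# container_pid_max NAME: the "observe" step, read from inside the container.
container_pid_max() {
    lxc exec "$1" -- cat /proc/sys/kernel/pid_max
}

# check_lowered HOST_MAX CONTAINER_MAX: 0 if the container's limit is strictly
# below the host's, i.e. the per-namespace value took effect.
check_lowered() {
    [ "$2" -lt "$1" ]
}

# Usage: ./pidmax-ns-test.sh c0 65536
# With no arguments only the functions above are defined.
if [ $# -eq 2 ]; then
    host_max=$(cat /proc/sys/kernel/pid_max)
    set_container_pid_max "$1" "$2"
    cont_max=$(container_pid_max "$1")
    echo "host pid_max=$host_max container pid_max=$cont_max"
    if check_lowered "$host_max" "$cont_max"; then
        echo "PASS: pid_max lowered inside $1 relative to the host"
    else
        echo "FAIL: pid_max not lowered inside $1 (unpatched kernel?)" >&2
        exit 1
    fi
fi
```

Because the value is validated and passed through `nsenter` from the host, the container itself never needs CAP_SYS_ADMIN in the parent user namespace, which is the permission question the report raises under "Where problems could occur".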


[Where problems could occur]

 * These are out-of-tree SAUCE patches not yet applied upstream, and
there appear to be permission issues inside user namespaces around being
able to self-lower the limit without CAP_SYS_ADMIN in the parent
namespace. The upstream implementation may change, with different
permissions and semantics. By default pid_max is currently very large,
so there should be no need to lower it on the host at all.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Triaged

** Changed in: linux (Ubuntu)
       Status: New => Triaged

https://bugs.launchpad.net/bugs/1968886

Title:
  Provide pid_max namespace support

Status in linux package in Ubuntu:
  Triaged
