Christian Seiler wrote: > On 05/03/2015 08:43 AM, Johannes Graumann wrote: >> I'm playing with unpriviledged lxc containers according to >> http://tinyurl.com/kvzxlvj on jessie. In order to lxc-create as a >> non-root user I have to do >> >> PROMPT> echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children >> PROMPT> echo 1 > /proc/sys/kernel/unprivileged_userns_clone >> >> How can I make those setting persistent such that they are automatically >> (re)set upon reboot? > > The second one is trivial: create a file /etc/sysctl.d/10-unpriv-lxc > with the following contents: > > kernel.unprivileged_userns_clone = 1 > > Then on boot this setting will be automatically applied. > > If you want to activate clone_children for the cgroup automatically at > boot, you kind-of need to do that manually. I'm going to assume you're > using systemd as init system on the host (because it's the default and > you didn't mention anything else [1]). The easiest way is to simply > create a file /etc/systemd/system/setup-clone-children.service: > > [Unit] > Description=Setup cpuset cgroup clone_children for LXC > DefaultDependencies=no > Conflicts=shutdown.target > Before=sysinit.target shutdown.target > > [Service] > Type=oneshot > ExecStart=/bin/sh -c "echo 1 > > /sys/fs/cgroup/cpuset/cgroup.clone_children" StandardOutput=null > RemainAfterExit=yes > > [Install] > WantedBy=sysinit.target > > (the ExecStart= is one line, my mail client just likes to wrap) > > Then you can just do > > systemctl enable setup-clone-children.service > > and the next time you reboot, the setting will be applied. > > Hope that helps.
Many thanks. Implemented and awaiting testing. Joh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/mi55pi$v6u$1...@ger.gmane.org