I gave it a try with the test kernel shared by Dimitri.

1. Launch a jammy (kernel version: 5.15.0-25-generic) based LXD VM locally
2. Disable Secure Boot.
3. Install the test kernels (version: 5.15.0-26-generic)
4. Reboot the VM
5. Install the latest lxd snap (5.0.0-e478009) from the store
6. Run the test plan
```
ubuntu@jammy-kernel-lp1968886:~$ sudo sysctl -a | grep pid_max
kernel.pid_max = 4194304
ubuntu@jammy-kernel-lp1968886:~$ lxc exec small-pid-container -- sysctl -a 2>/dev/null | grep pid_max
kernel.pid_max = 65536
```

The test results matched what we expected.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1968886

Title:
  Provide pid_max namespace support

Status in linux package in Ubuntu:
  Triaged

Bug description:
  [Impact]

   * Allow setting lower pid_max on per namespace basis, to support
  legacy workloads on modern hosts.

   * Cherrypick patches from
  https://gitlab.com/brauner/linux/-/commits/pid_max_namespacing/

  [Test Plan]

  Setup:

  cat <<EOF | sudo tee /var/snap/lxd/common/set-pid-max
  #!/bin/sh
  echo 65536 > "\${LXC_ROOTFS_MOUNT}"/proc/sys/kernel/pid_max
  EOF

  sudo chmod +x /var/snap/lxd/common/set-pid-max

  echo "lxc.hook.mount=\$SNAP_COMMON/set-pid-max" | sudo tee /var/snap/lxd/common/set-pid-max.config

  lxc launch -c raw.lxc="lxc.include = /var/snap/lxd/common/set-pid-max.config" ubuntu-daily:jammy small-pid-container

  == Test Results ==
  Large value on the host:

  sudo sysctl -a | grep pid_max
  kernel.pid_max = 4194304

  Small value in the container:
  lxc exec small-pid-container -- sysctl -a 2>/dev/null | grep pid_max
  kernel.pid_max = 65536

  [Where problems could occur]

   * These are out-of-tree SAUCE patches not yet applied upstream;
  there appear to be permission issues inside user namespaces around
  being able to self-lower the limit without holding CAP_SYS_ADMIN in
  the parent namespace. The upstream implementation may change, with
  different permissions and semantics. By default pid_max is currently
  very large, so there should be no need to lower it on the host at all.
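The test plan above, driven end to end as an added example (this script is not part of the bug report or of the patch set): it installs the same mount hook, launches the container, and then checks both values instead of eyeballing them, failing if the container does not see exactly the lowered limit or if that limit is not below the host's. The helper names (parse_pid_max, check_pid_max, install_hook, RUN_LIVE) are this example's own; the hook path, container name, image and the 65536 limit come from the test plan. It assumes a host already running the patched kernel with the lxd snap installed and sudo available.

```shell
#!/bin/sh
# Added example, not from the bug report: runs the [Test Plan] and checks the result.
# Assumes the patched test kernel, the lxd snap and sudo on the host.
# CONTAINER / PID_MAX_EXPECTED / RUN_LIVE are this example's own variable names.

CONTAINER="${CONTAINER:-small-pid-container}"
PID_MAX_EXPECTED="${PID_MAX_EXPECTED:-65536}"
HOOK=/var/snap/lxd/common/set-pid-max
HOOK_CONF=/var/snap/lxd/common/set-pid-max.config

# Extract the integer from a "kernel.pid_max = N" line on stdin and ignore everything
# else: sysctl -a prints thousands of unrelated keys and, unprivileged, permission
# errors, so a loose grep could match noise. Prints nothing if the key is absent.
parse_pid_max() {
    sed -n 's/^kernel\.pid_max *= *\([0-9][0-9]*\)$/\1/p' | head -n 1
}

# Verdict on a (host, container, expected) triple: the host keeps its large default
# and the container sees exactly the lowered value. Returns 0 on pass, 1 on fail.
check_pid_max() {
    host="$1"; container="$2"; expected="$3"
    if [ -z "$host" ] || [ -z "$container" ]; then
        echo "FAIL: could not read kernel.pid_max (host='$host' container='$container')"
        return 1
    fi
    if [ "$container" -ne "$expected" ]; then
        echo "FAIL: container pid_max is $container, expected $expected (hook not applied?)"
        return 1
    fi
    if [ "$container" -ge "$host" ]; then
        echo "FAIL: container pid_max ($container) is not below the host value ($host)"
        return 1
    fi
    echo "PASS: host pid_max=$host, container pid_max=$container"
    return 0
}

# Install the mount hook from the test plan. liblxc sets LXC_ROOTFS_MOUNT while
# running hooks, so the write lands in the container's own /proc, i.e. its PID
# namespace, not the host's. The single quotes keep ${LXC_ROOTFS_MOUNT} and
# $SNAP_COMMON literal in the files, as the heredoc escaping did in the test plan.
install_hook() {
    printf '#!/bin/sh\necho %s > "${LXC_ROOTFS_MOUNT}"/proc/sys/kernel/pid_max\n' \
        "$PID_MAX_EXPECTED" | sudo tee "$HOOK" >/dev/null
    sudo chmod +x "$HOOK"
    echo 'lxc.hook.mount=$SNAP_COMMON/set-pid-max' | sudo tee "$HOOK_CONF" >/dev/null
}

# Launch the container with the hook included and compare host vs container values.
run_live_test() {
    install_hook
    lxc launch -c raw.lxc="lxc.include = $HOOK_CONF" ubuntu-daily:jammy "$CONTAINER"
    sleep 5    # let the container's init come up before exec'ing into it
    host=$(sudo sysctl -a 2>/dev/null | parse_pid_max)
    container=$(lxc exec "$CONTAINER" -- sysctl -a 2>/dev/null | parse_pid_max)
    check_pid_max "$host" "$container" "$PID_MAX_EXPECTED"
}

# Only touch the host when explicitly asked; sourcing the file just defines the helpers.
if [ "${RUN_LIVE:-0}" = 1 ]; then
    run_live_test
fi
```

Source the file to get the helpers, or run it with RUN_LIVE=1 to perform the live test; the exit status of check_pid_max makes it usable from CI, and parsing the sysctl line rather than grepping for the substring means the permission-denied lines an unprivileged `sysctl -a` emits cannot produce a false match.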



-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp