[lxc-users] container/config: why "lxc." in front of config option names?

2014-02-01 Thread Harald Dunkel
Hi folks, The "lxc." in the config option names seems to be constant, so I wonder what it is good for? It's hard to search for "lxc.". Please excuse if this has been asked before. Regards Harri ___ lxc-users mailing list lxc-users@lists.linuxcontainers

Re: [lxc-users] container/config: why "lxc." in front of config option names?

2014-02-01 Thread Harald Dunkel
On 02/01/14 13:33, Stéphane Graber wrote: > > This was done so hooks and other tools related to LXC may share the config > file. > > LXC will consider any option that doesn't start with "lxc." as valid whereas > any unknown "lxc.*" option will be

[lxc-users] lxc-stop doesn't stop centos, waits for the timeout

2014-02-21 Thread Harald Dunkel
Hi folks, Seems that a Centos 65 container doesn't stop on lxc-stop within the timeout. "lxc-stop -k" works, but that's very rude. For my Debian containers there is no such problem. The config file was generated by the template script. LXC is version 1.0 (BTW, congratulations). Every helpful sugg

Re: [lxc-users] lxc-stop doesn't stop centos, waits for the timeout

2014-02-21 Thread Harald Dunkel
Found it: upstart ignores SIGPWR by default. Fix: cat

[lxc-users] lxc-1.0.3: lxc-start gets stuck

2014-05-13 Thread Harald Dunkel
Hi folks, Using the HEAD of the stable-1.0 branch: Sometimes lxc-start gets stuck. I haven't found a reliable way to reproduce this (yet), but it seems to be related to starting and stopping a lot of almost identical LXCs in parallel without sleep in between (e.g. 8 containers with Centos 6.x).

[lxc-users] LXC leaking ptys?

2014-07-10 Thread Harald Dunkel
Hi folks, is it possible that LXC is leaking ptys? I have seen it twice by now that a "lxc-start -n centos65_host" got stuck. When I tried to open another ssh session to the LXC server, then ssh reported stdin: not a tty I could login, though. max_pty on the server is 4096; the containe

Re: [lxc-users] LXC leaking ptys?

2014-07-15 Thread Harald Dunkel
On 07/15/14 06:04, Serge Hallyn wrote: > > The lxc.pts is actually only used in that setting it to 0 will > not mount a /dev/pts. Setting it to 1024 is the same as setting > it to 1. > I see. The important point is that it's a private pool. The Centos template has set lxc.autodev = 0. I haven't

Re: [lxc-users] LXC leaking ptys?

2014-07-16 Thread Harald Dunkel
On 07/15/14 16:24, Serge Hallyn wrote: > Quoting Harald Dunkel (harald.dun...@aixigo.de): >> >> Nothing unusual. The log files show a lot of ssh sessions run by >> our monitoring software (active just for a few milliseconds), plus >> my own ssh sessions for main

[lxc-users] how to lxc-stop the rest?

2014-08-07 Thread Harald Dunkel
Hi folks, is there some smart way to stop the rest of the containers not stopped by "lxc-autostart -s -a"? I would like to avoid the "device busy" at shutdown time, and manually looping through all running containers reported by lxc-ls appears a little bit clumsy. Should I make lxc.start.auto=1

Re: [lxc-users] how to lxc-stop the rest?

2014-08-07 Thread Harald Dunkel
Hi Stéphane, On 08/07/14 16:50, Stéphane Graber wrote: > On Thu, Aug 07, 2014 at 04:33:15PM +0200, Harald Dunkel wrote: >> Hi folks, >> >> is there some smart way to stop the rest of the containers >> not stopped by "lxc-autostart -s -a"? > > "lx

Re: [lxc-users] How to cancel lxc-autostart

2014-08-08 Thread Harald Dunkel
I am not familiar with Ubuntu's setup, but assuming it supports sysv-init I would suggest to omit lxc in a dedicated run level. If your default run level is 2 (specified in /etc/inittab), then you could use update-rc.d to omit lxc in run level 3, e.g. # update-rc.d lxc start 20 2 4 5 . st

Re: [lxc-users] Advice for running LXC on a Debian host

2015-03-16 Thread Harald Dunkel
On Fri, 13 Mar 2015 13:34:22 + Rory Campbell-Lange wrote: > > Presently the Debian LXC wiki page at https://wiki.debian.org/LXC states > "LXC may not provide sufficient isolation at this time". > This is about Wheezy, AFAIK. You should give Jessie a chance. Jessie's LXC provides apparmor

[lxc-users] monitoring containers using lxc-info (without being root)

2015-05-11 Thread Harald Dunkel
Hi folks, I would like to monitor my containers using lxc-info (lxc 1.1.2) run by an unprivileged user. Problem: % lxc-info -P /var/lib/lxc -n sample -c lxc.start.auto Insufficent privileges to control sample % ls -al /var/lib/lxc/sample total 16 drwxr-xr-x 3 root root 4096 May 11 19:40 . drwxr-

Re: [lxc-users] monitoring containers using lxc-info (without being root)

2015-05-11 Thread Harald Dunkel
On 05/11/15 20:35, Stéphane Graber wrote: > > lxc-info -c doesn't read the container configuration, instead it > connects to the container's command socket and asks the container what's > the running configuration. > > That means that you need to run lxc-info as the same user which started > the

[lxc-users] oracle linux 7 in LXC: ulimit problem for root

2015-11-25 Thread Harald Dunkel
Hi folks, hopefully this is not too much ot for this list: I am running Oracle Linux 7 in LXC. Problem: If I try to login as root via ssh, then I am kicked out after authentication, apparently due to an ulimit problem: Nov 25 11:08:58 lxc1.example.com sshd[186]: pam_limits(sshd:session): Could n

Re: [lxc-users] oracle linux 7 in LXC: ulimit problem for root

2015-11-25 Thread Harald Dunkel
On 11/25/2015 12:33 PM, Tamas Papp wrote: > > Check out /etc/security/limits.d/ too. > Very helpful hint, but there is just a file 20-nproc.conf. It's all commented out: #* softnproc 4096 #root softnproc unlimited Regards Harri

Re: [lxc-users] oracle linux 7 in LXC: ulimit problem for root

2015-11-25 Thread Harald Dunkel
On 11/25/2015 02:27 PM, Tamas Papp wrote: > > > On 11/25/2015 02:07 PM, Harald Dunkel wrote: >> On 11/25/2015 12:33 PM, Tamas Papp wrote: >>> Check out /etc/security/limits.d/ too. >>> >> Very helpful hint, but there is just a file >> 20-nproc.conf.

Re: [lxc-users] Systemd as LXC 2.0 dependency ?

2016-04-12 Thread Harald Dunkel
Hi folks, On 04/04/2016 05:50 PM, Serge Hallyn wrote: > Quoting Milan Beneš (mi...@benesovi.eu): >> Hello, >> does anybody know if systemd is a requirement for LXC 2.0? > > Systemd is not required. A name=systemd cgroup mount is. You > can create that trivially > > sudo mkdir /sys/fs/cgroup/sy

Re: [lxc-users] sysvinit with cgroup namespace

2016-04-12 Thread Harald Dunkel
On 04/06/2016 05:18 PM, Serge Hallyn wrote: > Quoting KATOH Yasufumi (ka...@jazz.email.ne.jp): >> >> Will we be able to start a container on sysvinit with cgroup namespace >> in the future release? > > mkdir /sys/fs/cgroup > mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup > Or was it

Re: [lxc-users] sysvinit with cgroup namespace

2016-04-20 Thread Harald Dunkel
Hi Serge, On 04/06/16 17:18, Serge Hallyn wrote: > Quoting KATOH Yasufumi (ka...@jazz.email.ne.jp): >> >> Will we be able to start a container on sysvinit with cgroup namespace >> in the future release? > > mkdir /sys/fs/cgroup > mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup > > Yo

Re: [lxc-users] sysvinit with cgroup namespace

2016-04-20 Thread Harald Dunkel
Hi folks, AFAIR the idea of the containers was to provide isolation between the host and the user-space instances. Are we losing this with systemd support? Regards Harri

Re: [lxc-users] sysvinit with cgroup namespace

2016-04-21 Thread Harald Dunkel
On 04/21/16 08:05, Fajar A. Nugraha wrote: > On Wed, Apr 20, 2016 at 6:50 PM, Harald Dunkel > wrote: >> Hi folks, >> >> AFAIR the idea of the containers was to provide isolation >> between the host and the user-space instances. >> >> Are we losing this

[lxc-users] which container is swapping?

2016-06-21 Thread Harald Dunkel
Hi folks, Is there some way to monitor local memory swapping *inside* the container? Long story: I had to restrict memory usage for a set of containers, using lines like lxc.cgroup.memory.limit_in_bytes = 12G in the config file. The memory limits are not the same for all hosts. Of cour

Re: [lxc-users] which container is swapping?

2016-06-23 Thread Harald Dunkel
Hi Guido, I would be highly interested in your script. Thanx in advance Harri On 06/21/16 15:54, Jäkel, Guido wrote: > Dear Harald, > > years ago I scripted my own lxc-free to be used as something lxc-aware inside > the container. It's based on the memory controllers values, too. Please take

[lxc-users] lxc 2.0: command get_cgroup failed for 'dom1': Permission denied

2016-10-18 Thread Harald Dunkel
Hi folks, since lxc 2.0 my monitoring scripts return error messages about running system containers, e.g.: % lxc-ls -P /data1/lxc --fancy jerry1 lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup failed for 'jerry1': Permission denied lxc-ls: commands.c: lxc_cmd_get_cgroup_path:

Re: [lxc-users] lxc 2.0: command get_cgroup failed for 'dom1': Permission denied

2016-10-19 Thread Harald Dunkel
On 10/18/2016 08:59 AM, Harald Dunkel wrote: > Hi folks, > > since lxc 2.0 my monitoring scripts return error messages about > running system containers, e.g.: > > % lxc-ls -P /data1/lxc --fancy jerry1 > lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup

[lxc-users] policy for contributing patches?

2017-03-14 Thread Harald Dunkel
Hi folks, about 4 weeks ago I had sent a (simple) patch to a bug in config/init/common/lxc-containers.in to the lxc-devel mailing list. Problem: There was no response at all :-(. Pretty disappointing. This was not my first patch. In the past I found both lists lxc-users and lxc-devel quite respons

Re: [lxc-users] policy for contributing patches?

2017-03-16 Thread Harald Dunkel
On 03/16/17 08:10, Stéphane Graber wrote: > > This change has since been merged. > Thanx very much >> The process for these "pull requests" is described at >> https://help.github.com/articles/creating-a-pull-request/ >> With a pull request, the maintainers can add your change with just a >> cli

[lxc-users] lxc 2.0.7: sysvinit on the host breaks systemd based containers

2017-04-02 Thread Harald Dunkel
Hi folks, using sysvinit-core on the host the systemd based containers get stuck in /sbin/init. lxc-attach shows: root@lxcclient:~# ps -ef UIDPID PPID C STIME TTY TIME CMD root 1 0 0 11:49 ?00:00:00 /sbin/init root24 0 0 12:05 pts/000:00:00

Re: [lxc-users] lxc 2.0.7: sysvinit on the host breaks systemd based containers

2017-05-04 Thread Harald Dunkel
On 04/03/17 07:03, Harald Dunkel wrote: > Hi folks, > > using sysvinit-core on the host the systemd based containers get stuck in > /sbin/init. lxc-attach shows: > > root@lxcclient:~# ps -ef UIDPID PPID C STIME TTY

[lxc-users] lxc-start: cgroups/cgfs.c: do_setup_cgroup_limits: 2037 No such file or directory - Error setting devices.deny to a for jessie1

2017-05-11 Thread Harald Dunkel
Hi folks, my LXCs don't start anymore: # lxc-start -P /data1/lxc -n jessie1 -F lxc-start: cgroups/cgfs.c: do_setup_cgroup_limits: 2037 No such file or directory - Error setting devices.deny to a for jessie1 lxc-start: start.c: lxc_spawn: 1236 Failed to setup the devices cgroup for container "je

Re: [lxc-users] lxc-start: cgroups/cgfs.c: do_setup_cgroup_limits: 2037 No such file or directory - Error setting devices.deny to a for jessie1

2017-05-12 Thread Harald Dunkel
Hi Serge, On 05/12/17 15:59, Serge E. Hallyn wrote: > Quoting Harald Dunkel (harald.dun...@aixigo.de): >> Hi folks, >> >> my LXCs don't start anymore: > > Odd, do_setup_cgroup_limits() seems to be called twice. > > First time is successful,

Re: [lxc-users] lxc-start: cgroups/cgfs.c: do_setup_cgroup_limits: 2037 No such file or directory - Error setting devices.deny to a for jessie1

2017-05-12 Thread Harald Dunkel
On 05/12/17 20:50, Harald Dunkel wrote: > Hi Serge, > > The host is running sysvinit. It failed with lxc 2.0.7. > > I would guess the problem was related to mounting cgroup. Both /cgroup and > /sys/fs/cgroup were mounted v

Re: [lxc-users] lxc 2.0.7: sysvinit on the host breaks systemd based containers

2017-05-12 Thread Harald Dunkel
On 05/04/17 21:00, Serge E. Hallyn wrote: > > It would help to ask for more debugging information from systemd, > > lxc.init_cmd = /sbin/init log_target=console log_level=debug > > as well as looking at /sys/fs/cgroup in the container while systemd is > hung. There is just a single line:

Re: [lxc-users] lxc 2.0.7: sysvinit on the host breaks systemd based containers

2017-05-16 Thread Harald Dunkel
On 05/04/17 21:00, Serge E. Hallyn wrote: > > Sounds like just systemd refusing to boot because all cgroups are comounted? > Are you sure that reverting to 1.1.5 fixes it, and it's not a newer systemd > breaking it? > I did several tests with LXC 2.0.8 on the host and systemd on the client: Bot

Re: [lxc-users] lxc 2.0.7: sysvinit on the host breaks systemd based containers

2017-05-18 Thread Harald Dunkel
On 05/16/17 13:09, Harald Dunkel wrote: > > I did several tests with LXC 2.0.8 on the host and systemd on the > client: Both systemd 215-17+deb8u7 (Debian 8) and systemd 230-7~bpo8+2 > (Debian 8 backport) show this problem. cgroupfs-mount 1.3 is installed. > > If I ditch LX

[lxc-users] is memory.limit_in_bytes inherited by nested cgroups?

2017-07-20 Thread Harald Dunkel
Hi folks, I have to restrict lxc.cgroup.memory.limit_in_bytes to 16GByte for the containers. Problem: New systems based on Stretch show % for i in $(find /sys/fs/cgroup/memory/lxc/lxc1 -name memory.limit_in_bytes); do \ echo $i $(cat $i) \ done | column -t /sys/fs/cgroup/memory/lxc/lxc1

Re: [lxc-users] Race condition in IPv6 network configuration

2017-11-09 Thread Harald Dunkel
I would suggest to configure the network in /config (including the default route) before the container is even started. IPv4 and IPv6. Your /etc/network/interfaces should be empty. /etc/resolv.conf has to be set up accordingly. Regards Harri

[lxc-users] debian template: cannot install openjdk-8-jre due to missing /proc

2017-12-18 Thread Harald Dunkel
Hi folks, if I try to add openjdk-8-jre on the lxc-create command line, then it woes about missing /proc file system: # lxc-create -t debian -n sample01 -- -r stretch --packages=openjdk-8-jre : : Setting up ca-certificates-java (20170531+nmu1) ... the keytool command requires a mounted proc fs (

[lxc-users] debian template: cannot install openjdk-8-jre due to missing /proc

2017-12-31 Thread Harald Dunkel
Hi folks, if I try to add openjdk-8-jre on the lxc-create command line, then it woes about missing /proc file system: # lxc-create -t debian -n sample01 -- -r stretch --packages=openjdk-8-jre : : Setting up ca-certificates-java (20170531+nmu1) ... the keytool command requires a mounted proc fs (

Re: [lxc-users] debian template: cannot install openjdk-8-jre due to missing /proc

2018-01-08 Thread Harald Dunkel
On 12/18/17 15:53, Benjamin Asbach wrote: For me it looks like a bug. I guess a github issue would be the right place to do the evaluation on that problem. Found it, it seems to be https://github.com/lxc/lxc/issues/384 Thanx for your pointer Harri

[lxc-users] lxc 2.0: howto inherit ulimits from the host?

2018-01-18 Thread Harald Dunkel
Hi folks, I am running lxc 2.0.9 on Stretch. The (privileged) container runs Oracle Linux 7.4. Problem: I get some very restricted ulimits in the container (e.g. nofile hard 8192), even though the limits for root and "*" on the host are set to much higher values. On the host the limits are fine.

Re: [lxc-users] Hint for CentOS 7 guests in Debian stretch with KAISER/KPTI kernel

2018-01-20 Thread Harald Dunkel
On 01/11/18 17:19, Christoph Lechleitner wrote: > Hi everybody! > > After this cost me an afternoon I thought I should share the solution > here ;-) > > We are running multiple LXC hosts with Debian jessie resp. stretch, > using sysv-init over systemd in the host system. > > 99% of the guest sys

[lxc-users] lxcfs removed by accident, how to recover?

2018-01-30 Thread Harald Dunkel
Hi folks, I have removed the lxcfs package by accident, while the containers are still running. Now ps in the containers gives me # ps -ef Error: /proc must be mounted To mount /proc at boot you need an /etc/fstab line like: proc /proc procdefaults In the meantime, run "mount p

Re: [lxc-users] lxcfs removed by accident, how to recover?

2018-01-30 Thread Harald Dunkel
On 01/30/18 17:17, Stéphane Graber wrote: > > So you're going to need to restart those containers. > Until then, you can "umount" the various lxcfs files from within the > container so that rather than a complete failure to access those files, > you just get the non-namespaced version of the file.

Re: [lxc-users] lxcfs removed by accident, how to recover?

2018-01-30 Thread Harald Dunkel
On 01/30/18 18:24, Harald Dunkel wrote: > On 01/30/18 17:17, Stéphane Graber wrote: >> >> So you're going to need to restart those containers. >> Until then, you can "umount" the various lxcfs files from within the >> container so that rather than a comp

Re: [lxc-users] lxcfs removed by accident, how to recover?

2018-02-02 Thread Harald Dunkel
Hi Stéphane, On 01/30/18 17:17, Stéphane Graber wrote: Yeah, there's effectively no way to re-inject those mounts inside a running container. So you're going to need to restart those containers. Until then, you can "umount" the various lxcfs files from within the container so that rather than

Re: [lxc-users] lxcfs removed by accident, how to recover?

2018-02-06 Thread Harald Dunkel
On 02/02/18 11:53, Stéphane Graber wrote: lxcfs is used for both privileged and unprivileged containers, without it you'd see the host uptime, host set of CPUs, host memory, ... Wouldn't you agree that this is cgroup stuff and should be provided by the kernel, similar to /proc/mounts and othe

Re: [lxc-users] LXC 3.0: Removal of cgmanager And cgfs cgroup Drivers

2018-02-20 Thread Harald Dunkel
Does this mean that lxc 3.0 is systemd-only? Regards Harri

[lxc-users] lxc 2.0.10?

2018-07-06 Thread Harald Dunkel
Hi folks, I see tons of interesting new code on the stable-2.0 branch, esp. cgfsng. What is your plan here? Will this be tagged in the near future to get a new snapshot 2.0.10? Regards Harri

Re: [lxc-users] lxc 2.0.10?

2018-07-06 Thread Harald Dunkel
Hi Stéphane, On 7/6/18 3:39 PM, Stéphane Graber wrote:> > Yes, we will be tagging a new set of 2.0.x point releases for LXC, LXD > and LXCFS in the near future. This is currently held up a bit as we're > still dealing with people upgrading to 3.0.x and finding new issues > there as well as a rath

[lxc-users] lxc-create using lxc.idmap?

2018-07-15 Thread Harald Dunkel
Hi folks, is there a way to tell lxc-create to support a custom(!) UID and GID map via lxc.idmap? Each container should get its own mapping. Problem behind this is that some containers may affect each other by exceeding the maximum number of threads. (Is this as expected? This is lxc 2.0.9.) Su

[lxc-users] how does lxc.cgroup.memory.limit_in_bytes affect buffer cache?

2018-08-20 Thread Harald Dunkel
Hi folks, AFAIU lxc.cgroup.memory.limit_in_bytes provides a limit for physical memory allocation within the container (text + heap + stack). This is not reserved memory. The containers don't have a private memory management. A container might run into swap memory, even though it has not reached t

[lxc-users] lxc-checkconfig improvement?

2018-12-14 Thread Harald Dunkel
Hi folks, lxc-checkconfig tells me : --- Misc --- Veth pair device: enabled, loaded Macvlan: enabled, not loaded Vlan: enabled, not loaded Bridges: enabled, loaded Advanced netfilter: enabled, not loaded CONFIG_NF_NAT_IPV4: enabled, loaded CONFIG_NF_NAT_IPV6: enabled, loaded CONFIG_IP_NF_TARGET_

Re: [lxc-users] future of lxc/lxd? snap?

2019-02-25 Thread Harald Dunkel
On 2/25/19 4:52 AM, Fajar A. Nugraha wrote: snapcraft.io is also owned by Canonical. By using lxd snap, they can easily have lxd running on any distro that already supports snaps, without having to maintain separate packages. The problem is that there is no standard for

Re: [lxc-users] future of lxc/lxd? snap?

2019-02-26 Thread Harald Dunkel
On 2/25/19 11:20 AM, Stéphane Graber wrote: > snapd + LXD work fine on CentOS 7, it's even in our CI environment, so > presumably the same steps should work on RHEL 7. > Apparently it doesn't work that fine: [root@centos7 ~]# yum install snapd Loaded plugins: fastestmirror, langpa

[lxc-users] minimum permissions to run Docker in LXC?

2019-09-16 Thread Harald Dunkel
Hi folks, I found https://github.com/lxc/lxd/issues/4902, but it seems to be overly permissive to run Docker in LXC (IMHO). Has anybody tried less open permissions than lxc.cgroup.devices.allow = a lxc.mount.auto = proc:rw sys:rw lxc.cap.drop = What are your suggestions

[lxc-users] suspicious output for "lxc profile device add --help"

2019-10-24 Thread Harald Dunkel
Hi folks, this looks weird: # lxc profile device add --help Description: Add devices to containers or profiles Usage: lxc profile device add [:] [key=value...] [flags] Examples: lxc config device add [:]container1 disk source=/share/c1 path=opt Will mount the host's /share/c1

[lxc-users] 10min lxd shutdown penalty

2019-10-31 Thread Harald Dunkel
Hi folks, apparently lxd doesn't properly terminate at shutdown/reboot time, even though there are no containers installed. The shutdown procedure is delayed for 10 minutes. Last words: A stop job is running for Service for snap application lxd.daemon This is *highly* painful. Platform is Debi

[lxc-users] new tag 3.2.2?

2019-12-23 Thread Harald Dunkel
Hi folks, I see big progress on the lxc master branch every day, but I wonder if there is a schedule for a tagged version 3.2.2? Something that could be used in production? Regards and best season's greetings Harri

Re: [lxc-users] Help needed: lxc unpriv. containers and debian buster sysvinit

2020-02-26 Thread Harald Dunkel
On 2020-02-24 14:34, mlftp@pep.foundation wrote: It might suffice to just mount the cgroups all together under /sys/fs/cgroup/all instead of /sys/fs/cgroup. Yes, and with debian it works with the cgroupfs-mount package. Do you need cgmanager as well? Is the functionality of cgroupfs-mount i

[lxc-users] java11 vs memory.limit_in_bytes

2020-02-28 Thread Harald Dunkel
Hi folks, according to some notes on the net (e.g. [1]) openjdk11 is aware of the container limits for calculating default heap size and some other internal parameters. Apparently this works very well for Docker. Sample: # docker run -ti --rm --cpus 2 -m 4G debian root@c526096eb86e:/# apt update

Re: [lxc-users] java11 vs memory.limit_in_bytes

2020-02-29 Thread Harald Dunkel
Some new findings: strace shows that java reads /sys/fs/cgroup/memory/user.slice/user-0.slice/session-c254.scope/memory.limit_in_bytes instead of /sys/fs/cgroup/memory/memory.limit_in_bytes root@debian10:~# cat /sys/fs/cgroup/memory/user.slice/user-0.slice/session-c254.scope/memory.limit_in_

[lxc-users] lxc.kmsg needed for official version 3.0

2020-03-27 Thread Harald Dunkel
Hi folks, apparently there is some text about lxc.kmsg commented out in doc/ko/lxc.container.conf.sgml.in. What happened to this feature? AFAICT lxc.kmsg = 1 is needed to run kubelet in lxc. Currently I am using # special settings for rke lxc.cgroup.devices.allow = a lxc

[lxc-users] I/O error for logrotate in LXC

2020-06-17 Thread Harald Dunkel
Hi folks, on some LXC containers I get I/O errors for the logrotate service (systemd): root@il04:~# systemctl status logrotate * logrotate.service - Rotate log files Loaded: loaded (/lib/systemd/system/logrotate.service; static; vendor preset: enabled) Active: failed (Result: exit-code) s

[lxc-users] ghost services on LXC containers

2020-08-13 Thread Harald Dunkel
Hi folks, using Debian 10 and lxc 4.0.2 (or 4.0.4) I found ghost services in my containers. Sample: # cat /sys/fs/cgroup/unified/system.slice/cron.service/cgroup.procs 50 0 # cat /sys/fs/cgroup/unified/system.slice/dbus.service/cgroup.procs 48 0 # cat /sys/fs/cgroup/unified/system.slice/zabbix

Re: [lxc-users] ghost services on LXC containers

2020-08-13 Thread Harald Dunkel
On 8/13/20 9:02 AM, Harald Dunkel wrote: # cat /sys/fs/cgroup/unified/system.slice/zabbix-agent.service/cgroup.procs 0 0 0 0 0 0 PID 0 is not valid here, AFAICT. And zabbix-agent isn't even installed in my container. It's installed on the host only. PS: Lennart Poettering wrote about

Re: [lxc-users] ghost services on LXC containers

2020-08-13 Thread Harald Dunkel
On 8/13/20 12:32 PM, Fajar A. Nugraha wrote: Try (two times, once inside the container, once inside the host): - cat /proc/self/cgroup - ls -la /proc/self/ns On the host: root@il08:~# cat /proc/self/cgroup 13:name=systemd:/ 12:rdma:/ 11:pids:/ 10:perf_event:/ 9:net_prio:/ 8:net_cls:/ 7:memory:

Re: [lxc-users] lxc stop ignored

2020-09-04 Thread Harald Dunkel
Hi Aleksandar, I've found some old README for configuring RedHat LXC containers: # create an upstart handler for SIGPWR cat

Re: [lxc-users] LXC Memory Limits

2020-11-09 Thread Harald Dunkel
On 11/4/20 11:30 AM, Atif Ghaffar wrote: I find this document useful for resource limits. https://stgraber.org/2016/03/26/lxd-2-0-resource-control-412/ Very helpful indeed, but since we are at lxd 4.7 now I wonder if this blog

[lxc-users] 4.0.6 regression: /proc/sys/net/ipv4/ip_forward: Read-only file system

2021-02-04 Thread Harald Dunkel
Hi folks, since I moved from lxc 4.0.4 to 4.0.6 I get # echo 0 >/proc/sys/net/ipv4/ip_forward bash: /proc/sys/net/ipv4/ip_forward: Read-only file system in the container. The man page says lxc.mount.auto specify which standard kernel file systems should be

Re: [lxc-users] 4.0.6 regression: /proc/sys/net/ipv4/ip_forward: Read-only file system

2021-02-04 Thread Harald Dunkel
On 2/4/21 3:32 PM, Harald Dunkel wrote: How come it worked before? Hopefully I am not too blind to see, but the git log doesn't tell that this has been changed. PS: I found af9dd246df7c99740f153682e0eb427f1426693d unmounted proc/sys/net if dropping CAP_NET_ADMIN appar