On 05/03/2015 08:43 AM, Johannes Graumann wrote:
> I'm playing with unprivileged lxc containers according to
> http://tinyurl.com/kvzxlvj on jessie. In order to lxc-create as a non-root
> user I have to do
>
> PROMPT> echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children
> PROMPT> echo 1 > /proc/sys/kernel/unprivileged_userns_clone
>
> How can I make those settings persistent such that they are automatically
> (re)set upon reboot?

The second one is trivial: create a file /etc/sysctl.d/10-unpriv-lxc
with the following contents:

kernel.unprivileged_userns_clone = 1

Then on boot this setting will be automatically applied.

If you want to activate clone_children for the cgroup automatically at
boot, you kind-of need to do that manually. I'm going to assume you're
using systemd as init system on the host (because it's the default and
you didn't mention anything else [1]).

The easiest way is to simply create a file
/etc/systemd/system/setup-clone-children.service:

[Unit]
Description=Setup cpuset cgroup clone_children for LXC
DefaultDependencies=no
Conflicts=shutdown.target
Before=sysinit.target shutdown.target

[Service]
Type=oneshot
ExecStart=/bin/sh -c "echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children"
StandardOutput=null
RemainAfterExit=yes

[Install]
WantedBy=sysinit.target

(the ExecStart= is one line, my mail client just likes to wrap)

Then you can just do

systemctl enable setup-clone-children.service

and the next time you reboot, the setting will be applied.

Hope that helps.

Christian

[1] If you're using another init system, you have to first tell us
    how you mount the cgroup hierarchies before we can tell you
    how you can best adjust that setting automatically.
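
An added check for the two settings discussed in this thread (not part of the original mails): it reports their runtime values and whether kernel.unprivileged_userns_clone will be set again at boot. sysctl.d(5) only reads files whose names end in .conf, so any other file carrying the key is reported as ignored. The function names and the root-prefix argument are assumptions made for this example, and only /etc/sysctl.d is inspected.

```shell
#!/bin/sh
# Added example: audit the two LXC prerequisites from this thread.
# Each function takes a root prefix (hypothetical parameter) so the check
# can run against a constructed tree; pass "" for the live system.

# Print the first line of a file without blanks, or "missing".
read_knob() {
    if [ -r "$1" ]; then head -n 1 "$1" | tr -d ' \t'; else echo missing; fi
}

# Runtime state: prints "userns=<v> clone_children=<v>".
runtime_state() {
    root=$1
    u=$(read_knob "$root/proc/sys/kernel/unprivileged_userns_clone")
    c=$(read_knob "$root/sys/fs/cgroup/cpuset/cgroup.clone_children")
    echo "userns=$u clone_children=$c"
}

# Boot-time state: for every file in /etc/sysctl.d that sets
# kernel.unprivileged_userns_clone print "<status> <file> <value>".
# status is "applied" for *.conf and "ignored" for any other name.
persistent_state() {
    root=$1
    for f in "$root"/etc/sysctl.d/*; do
        [ -f "$f" ] || continue
        # Match "key = value" with optional whitespace; comment lines do not match.
        v=$(sed -n 's/^[[:space:]]*kernel\.unprivileged_userns_clone[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$f" | tail -n 1)
        [ -n "$v" ] || continue
        case $f in
            *.conf) s=applied ;;
            *)      s=ignored ;;
        esac
        rel=${f#"$root"}
        echo "$s $rel $v"
    done
}

# Succeeds only if the knob is 1 now and the last applied drop-in
# (lexical order, later files win) sets it to 1 as well.
userns_persistent() {
    root=$1
    runtime_state "$root" | grep -q '^userns=1 ' || return 1
    persistent_state "$root" | grep '^applied ' | tail -n 1 | grep -q ' 1$'
}
```

On a live host, `persistent_state ""` lists the drop-ins and `userns_persistent ""` gives a yes/no exit status that can be used in a provisioning check.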