[PATCH 3/3] ipc namespace: copy settings from parent namespace

Manfred Spraul manfred at colorfullife.com
Tue Aug 12 20:39:05 UTC 2014

Hi Eric,

On 08/12/2014 12:37 PM, Eric W. Biederman wrote:
> Manfred Spraul <manfred at colorfullife.com> writes:
> Sigh. Patches for new code during the merge window.  It is a really
> rotten time to look at new things.
>> Right now, each new IPC namespace starts with the kernel default values.
>> This means that changes that were made to the limits get overwritten.
>> With this patch, a new namespace inherits the settings from the parent
>> namespace, which is less surprising.
> In principle I agree.
> In practice I have to ask what have you done to survey applications
> that use the ipc namespace to see if they will break with this change in
> semantics.
I know this is the wrong answer, but:
What I find are problems caused by the current behavior.

See e.g.:

Some background:
The e.g. sysvshm limits were not updated for many years and many
applications only ran properly if sysvshm limits are increased.
(now the defaults are large, but only since ~3.15)

Increasing is simple: sysctl kernel.shmmax=<>, but somehow this
must happen inside the container.

Right now, the most common approach seems to be the solution from the 
bugzilla above:
Just marc /proc as read-write and do it manually.

With the patch, the kernel would propagate the value from parent to child.


More information about the Containers mailing list