- Add LXD 3.11 package.

- Update to LXC 3.1.0. - Update to LXCFS 3.0.3. - Rework packaging to be a more modern openSUSE-style. OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=1
2019-03-27 17:26:15 +00:00
commit 8f32132ed4
10 changed files with 416 additions and 0 deletions
--- a/lxd.sysctl
+++ b/lxd.sysctl
@@ -0,0 +1,22 @@
+# These defaults come from doc/production-setup.md, but have been slightly
+# modified to be less extreme. The recommended value is included as a comment
+# below each changed value.
+
+# inotify limits.
+fs.inotify.max_queued_events  = 131072 # 1048576
+fs.inotify.max_user_instances = 131072 # 1048576
+fs.inotify.max_user_watches   = 131072 # 1048576
+
+# Number of memory mappings a process can have (lxd can have quite a lot).
+#vm.max_map_count = 262144
+
+# Deny container access to kmsg, but this also blocks non-root host users so
+# it's disabled by default. This isn't a bad hardening measure in general.
+#kernel.dmesg_restrict = 1
+
+# ARP table size (one per container)
+net.ipv4.neigh.default.gc_thresh3 = 2048 # 8192
+net.ipv6.neigh.default.gc_thresh3 = 2048 # 8192
+
+# Number of kernel keyrings for unprivileged users (one per container).
+kernel.keys.maxkeys = 2048