# These defaults come from doc/production-setup.md, but have been slightly
# modified to be less extreme. The recommended value is included as a comment
# below each changed value.

# inotify limits.
fs.inotify.max_queued_events  = 131072 # 1048576
fs.inotify.max_user_instances = 131072 # 1048576
fs.inotify.max_user_watches   = 131072 # 1048576

# Number of memory mappings a process can have (lxd can have quite a lot).
#vm.max_map_count = 262144

# Deny container access to kmsg, but this also blocks non-root host users so
# it's disabled by default. This isn't a bad hardening measure in general.
#kernel.dmesg_restrict = 1

# ARP table size (one per container)
net.ipv4.neigh.default.gc_thresh3 = 2048 # 8192
net.ipv6.neigh.default.gc_thresh3 = 2048 # 8192

# Number of kernel keyrings for unprivileged users (one per container).
kernel.keys.maxkeys = 2048