Dirk Mueller
2b3f91e90c
* Allow aarch64 arch_vm_support * Remove OVMF symlinks * Require the new lxd-ovmf-setup packages OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=153
27 lines
1023 B
Plaintext
27 lines
1023 B
Plaintext
# WARNING: DO NOT MODIFY THIS FILE.
|
|
# Changes to this file will be lost when the lxd package is updated or removed.
|
|
# Instead, add changes to /etc/sysctl.d/.
|
|
|
|
# These defaults come from doc/production-setup.md, but have been slightly
|
|
# modified to be less extreme. The recommended value is included as a comment
|
|
# below each changed value.
|
|
|
|
# inotify limits.
|
|
fs.inotify.max_queued_events = 131072 # 1048576
|
|
fs.inotify.max_user_instances = 131072 # 1048576
|
|
fs.inotify.max_user_watches = 131072 # 1048576
|
|
|
|
# Number of memory mappings a process can have (lxd can have quite a lot).
|
|
#vm.max_map_count = 262144
|
|
|
|
# Deny container access to kmsg, but this also blocks non-root host users so
|
|
# it's disabled by default. This isn't a bad hardening measure in general.
|
|
#kernel.dmesg_restrict = 1
|
|
|
|
# ARP table size (one per container)
|
|
net.ipv4.neigh.default.gc_thresh3 = 2048 # 8192
|
|
net.ipv6.neigh.default.gc_thresh3 = 2048 # 8192
|
|
|
|
# Number of kernel keyrings for unprivileged users (one per container).
|
|
kernel.keys.maxkeys = 2048
|