Incus: how to permit write to proc/self?

I’m trying to run a Kubernetes cluster using Incus containers (why not a VM? Too little memory; containers are lighter). I’m on Incus

There is one problem when starting kubelet:

write /proc/self/oom_score_adj: permission denied

How can I permit writes (if possible) to /proc/self? Thanks

Assuming this is an unprivileged container, then you can’t. An unprivileged container cannot increase its privileges past what it had at startup time, so it is allowed by the kernel to change its oom_adjust, but only by decreasing the priority, not increasing it.


Thanks. Is there an easy way to convert an unprivileged container to a privileged one?

Set security.privileged=true and restart it. Note that this is really quite bad from a security standpoint though :)


Thanks

I know, but it is a test server.

I have tried incus config edit node1

and add

security.privileged: true

I exit, but it seems not to be applied (when I restart, it starts unprivileged).

The setting needs to be nested under the config: section, and the value needs to be a string, i.e. "true".

Most foolproof way to do it:

incus config set c1 security.privileged=true

Or for a fresh container:

incus launch someimage c1 -c security.privileged=true
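The kernel rule behind the two answers above, as an added example that is not part of the thread and not Incus project code: a probe that reports whether the calling process may lower its own oom_score_adj (what kubelet does at startup, writing a negative value, -999 in upstream kubelet), plus a wrapper that runs the same probe inside an instance next to its security.privileged setting. The instance name node1 is an assumption.

```shell
#!/bin/sh
# Added example, not code from the thread. Probes whether the current process
# may LOWER its own oom_score_adj, which is what kubelet does at startup (it
# writes a negative value, -999 in upstream kubelet, to /proc/self/oom_score_adj
# so it is the last thing the OOM killer picks). "node1" below is an assumed
# instance name.
#
# Kernel rule (fs/proc/base.c, __set_oom_adj): raising the value, i.e. making
# yourself MORE likely to be killed, is allowed for any process. Lowering it
# below the current value needs CAP_SYS_RESOURCE in the initial user namespace,
# which root inside an unprivileged (user-namespaced) container does not hold.

# The probe is kept as a string so it can be eval'd here and also shipped to
# an instance through "incus exec ... sh -c".
PROBE=$(cat <<'EOF'
# oom_adj_probe prints exactly one of:
#   lower-ok    can lower oom_score_adj: real root, or security.privileged=true
#   raise-only  can raise but not lower: the unprivileged-container case
#   no-write    cannot write /proc/self/oom_score_adj at all
# The body runs in a subshell, so /proc/self is the probe process itself and
# the caller's own oom_score_adj is never changed.
oom_adj_probe() (
    f=/proc/self/oom_score_adj
    cur=$(cat "$f" 2>/dev/null) || { echo no-write; exit 0; }
    hi=$((cur + 1))                            # one step toward "kill me first"
    if [ "$hi" -gt 1000 ]; then hi=1000; fi    # legal range is -1000..1000
    if ! echo "$hi" 2>/dev/null >"$f"; then
        echo no-write
        exit 0
    fi
    lo=$((hi - 1))                             # one step back down: needs the capability
    if echo "$lo" 2>/dev/null >"$f"; then
        echo lower-ok
    else
        echo raise-only
    fi
)
EOF
)
eval "$PROBE"

# Run the probe inside an Incus instance next to its security.privileged value.
# Usage: incus_oom_check node1
incus_oom_check() {
    name=$1
    priv=$(incus config get "$name" security.privileged)
    echo "$name: security.privileged=${priv:-<unset>}"
    incus exec "$name" -- sh -c "$PROBE
oom_adj_probe"
}

# The thread's fix, which turns raise-only into lower-ok by dropping the user
# namespace (root inside is then host uid 0 with CAP_SYS_RESOURCE there):
#   incus config set node1 security.privileged=true
#   incus restart node1
```

On an unprivileged instance the wrapper prints raise-only: root there holds CAP_SYS_RESOURCE only in its own user namespace, and the kernel checks the initial one, which is the "cannot increase its privileges past what it had at startup" point above. After security.privileged=true and a restart the same probe prints lower-ok, and so does kubelet's write; the cost is that root in the instance is now host root, which is why the answer calls it bad from a security standpoint.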

Thanks, now I have another problem: proc is mounted ro.

echo 1 > /proc/sys/vm/overcommit_memory
bash: /proc/sys/vm/overcommit_memory: Read-only file system

How do I mount proc as rw?

In the LXC config I use

lxc.mount.auto=proc:rw sys:rw cgroup:mixed

but I don’t understand how to get the same line in Incus.

Where can I find the docs with all the keys?

I have found a good place for options

but I still don’t find an option for mounting proc rw.

I have tried lxc-to-incus for converting (after setting proc:rw in the LXC config), but

echo 1 > /proc/sys/vm/overcommit_memory
bash: /proc/sys/vm/overcommit_memory: Read-only file system
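The read-only /proc/sys question, as an added example that is not from the thread and not Incus project code: helpers that list which /proc mounts are ro, probe whether a given sysctl can be written, and carry the LXC mount line into Incus through the raw.lxc instance key (which appends raw LXC configuration to what Incus generates). The instance name node1 is an assumption; the rest uses only documented Incus and LXC keys.

```shell
#!/bin/sh
# Added example, not code from the thread. Shows which /proc mounts are
# read-only, probes whether a sysctl is writable, and carries the LXC mount
# line into Incus through raw.lxc. "node1" is an assumed instance name.
#
# Incus starts instances with LXC's proc:mixed sys:mixed: /proc itself is rw,
# but /proc/sys and /proc/sysrq-trigger get a read-only bind mount on top,
# which is where "Read-only file system" for overcommit_memory comes from.

# proc_mounts lists every mount point under /proc with its ro/rw flag, read
# from /proc/self/mounts (fields: source mountpoint fstype options ...).
proc_mounts() {
    [ -r /proc/self/mounts ] || return 0
    awk '$2 == "/proc" || index($2, "/proc/") == 1 {
             split($4, o, ","); print $2, o[1] }' /proc/self/mounts
}

# sysctl_probe KEY prints writable, read-only or denied for /proc/sys/KEY
# (KEY in sysctl dotted form, e.g. vm.overcommit_memory). It writes the
# current value back, so a successful probe changes nothing.
sysctl_probe() {
    f=/proc/sys/$(printf '%s' "$1" | tr . /)
    cur=$(cat "$f" 2>/dev/null) || { echo denied; return 0; }
    if err=$( { echo "$cur" >"$f"; } 2>&1 ); then
        echo writable
        return 0
    fi
    case $err in
        *"Read-only file system"*) echo read-only ;;
        *)                         echo denied ;;
    esac
}

# incus_proc_rw NAME: the thread's lxc.mount.auto line, appended to the LXC
# config Incus generates. A later lxc.mount.auto entry overrides the earlier
# proc:mixed for the same filesystem. It is applied on the next start.
incus_proc_rw() {
    name=$1
    incus config set "$name" raw.lxc "lxc.mount.auto=proc:rw sys:rw cgroup:mixed"
    incus restart "$name"
}
```

Run the two probes inside the instance (for example via incus exec node1 -- sh) before and after incus_proc_rw: /proc/sys should go from ro to rw and vm.overcommit_memory from read-only to writable. Two caveats a practitioner should keep in mind. First, vm.overcommit_memory is not namespaced, so with proc:rw on a privileged instance that echo changes the host kernel's setting for every process on the machine, and sys:rw does the same for /sys; together with security.privileged=true this is effectively host root. Second, on an unprivileged instance the write is still refused even with proc:rw, because non-namespaced sysctl files are owned by the initial namespace's root, so raw.lxc proc:rw only does anything for a privileged instance.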