I am trying to change the value of /proc/sys/fs/mqueue/msgsize_max for an unprivileged LXC container (not LXD) running on Ubuntu 17.10 without any success.
Changing lxc.mount.auto from proc:mixed to proc:rw and changing the value inside the container with echo 5000 > /proc/sys/fs/mqueue/msgsize_max gives Permission denied.
I have also tried to mount the content of the proc value from the host:
lxc.mount.entry = /proc/sys/fs/mqueue/msgsize_max proc/sys/fs/mqueue/msgsize_max none bind,optional,create=file
or
lxc.mount.entry = /proc/sys/fs/mqueue proc/sys/fs/mqueue none bind,optional,create=dir
Is it possible to change this kind of proc value in some way for an unprivileged container?
/Arvid
The kernel is what’s rejecting that change. It looks like this value is indeed namespaced, probably as part of the IPC namespace, but wasn’t marked as being safe for an unprivileged user to modify.
I suspect that if you can attach to the container’s ipc and mount namespace without attaching to the user namespace, then you may be able to modify that limit. I however don’t believe that there is any good tool that lets you do that.
@brauner can this be done with lxc-attach by running it as root with a specific set of namespaces? We’d effectively want to attach to the container as real root so we can modify that proc file.
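One way to try the approach suggested in the reply above, as an added example that is not part of the thread and was not posted by either participant: a host-side helper that joins only the container's IPC namespace (never its user namespace) and writes the limit through the host's own /proc. It assumes util-linux nsenter, real root on the host, and that this sysctl is resolved against the caller's IPC namespace; the function names are hypothetical and the container's init PID is passed in by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the HOST as real root.
# Assumptions: util-linux nsenter is installed; $1 is the container's init PID
# (for example from "lxc-info -n NAME -p -H", run as the container's owner).

# Print the IPC namespace identity of a PID, e.g. "ipc:[4026531839]".
ipc_ns_of() {
    readlink "/proc/$1/ns/ipc"
}

# Succeed only if the PID is in an IPC namespace different from the caller's,
# so that the write below cannot change the host's own limit by mistake.
has_own_ipc_ns() {
    target=$(ipc_ns_of "$1") || return 2
    [ -n "$target" ] && [ "$target" != "$(ipc_ns_of $$)" ]
}

# Set fs.mqueue.msgsize_max in the IPC namespace of the given PID and print
# the value read back from inside that namespace.
# Only --ipc is joined: the process keeps host uid 0 and the host's mount
# namespace, so a read-only /proc/sys inside the container is not in the way.
set_msgsize_max_for_pid() {
    pid=$1 value=$2
    case $value in
        ''|*[!0-9]*) echo "value must be a non-negative integer" >&2; return 64 ;;
    esac
    has_own_ipc_ns "$pid" || {
        echo "refusing: PID $pid is not in a separate IPC namespace" >&2
        return 1
    }
    nsenter --target "$pid" --ipc \
        sh -c 'echo "$1" > /proc/sys/fs/mqueue/msgsize_max &&
               cat /proc/sys/fs/mqueue/msgsize_max' sh "$value"
}

# Usage (as root on the host; 12345 is a placeholder PID):
#   set_msgsize_max_for_pid 12345 5000
```

The new limit applies to message queues created after the change and lasts only as long as the container's IPC namespace, so it has to be reapplied after each container start.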