Unable to su - user in a centos/6 container


(BOURIAUD David) #1

Hi!
I have an lxd host with ~90 containers, some of which are centos-6 ones. Half of the containers are running.
If I do the following:
root@host $ lxc exec container -- /bin/bash --login
I get into the container:
root@container $
From here, if I try this:
root@container $ su - user
I get the following:
can not fork user shell: Resource temporarily unavailable

However, if I stop one of the running containers on the host (whichever one, it doesn’t matter), the latter command works fine and I get connected as user in my container, as expected. So, I suspect that the machine somehow reached a limit. I’ve followed what I’ve seen here to set up my host:

I’m using the latest snap version of lxd (3.11), and here is the result of ulimit -a on this machine:
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 47769
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1048576
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 47769
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

And this is what is set in /etc/sysctl.conf:
fs.file-max = 2097152
vm.swappiness = 20
fs.inotify.max_queued_events = 1048576
fs.inotify.max_user_instances = 1048576
fs.inotify.max_user_watches = 1048576
vm.max_map_count = 262144
kernel.keys.maxkeys = 2000
kernel.dmesg_restrict = 1

Any help is appreciated, since I can’t find any clue as to which limit has been reached that forbids the “su - user” command.


#2

This should be nproc in /etc/security/limits.conf
There is a hard and there is a soft nproc limit, by default at 1024. The limit is per UID.
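
One way to check the per-UID limit named in #2 from the host, as an added example that is not part of the original thread: it sums the Threads field of every /proc/<pid>/status by real UID (the kernel counts tasks, not just processes, against nproc) and lists the UIDs at or above a given limit. The function names, the constructed sample tree and UID values are assumptions of this example, as is the premise that the containers share one UID mapping, so the same user in each container is a single UID on the host.

```shell
#!/bin/sh
# Added example (not from the thread). The nproc limit (RLIMIT_NPROC) is
# counted in tasks (threads) per real UID, so the tally is run on the host.

# tasks_per_uid PROC_ROOT -> lines of "uid tasks", sorted by uid.
tasks_per_uid() {
    for f in "$1"/[0-9]*/status; do
        # A process can exit between the glob and the read; skip it.
        [ -r "$f" ] || continue
        awk '/^Uid:/ {uid = $2} /^Threads:/ {n = $2}
             END {if (uid != "") print uid, n + 0}' "$f" 2>/dev/null
    done | awk '{sum[$1] += $2} END {for (u in sum) print u, sum[u]}' | sort -n
}

# uids_at_limit PROC_ROOT LIMIT -> UIDs whose task count is >= LIMIT.
uids_at_limit() {
    tasks_per_uid "$1" | awk -v lim="$2" '$2 >= lim {print $1}'
}

# add_fake_pid DIR PID UID THREADS: write one constructed status file.
add_fake_pid() {
    mkdir -p "$1/$2"
    printf 'Name:\tdemo\nUid:\t%s\t%s\t%s\t%s\nThreads:\t%s\n' \
        "$3" "$3" "$3" "$3" "$4" > "$1/$2/status"
}

# make_sample_proc DIR: constructed /proc-like tree for an offline run.
# UID 1000500 stands for one user present in two containers (hypothetical).
make_sample_proc() {
    add_fake_pid "$1" 101 0 1
    add_fake_pid "$1" 202 1000500 3
    add_fake_pid "$1" 303 1000500 2
    add_fake_pid "$1" 404 1000033 4
}

demo_dir=$(mktemp -d)
make_sample_proc "$demo_dir"
tasks_per_uid "$demo_dir"
echo "UIDs at or above a limit of 5: $(uids_at_limit "$demo_dir" 5)"
rm -rf "$demo_dir"

# On a real host, with the default limit quoted in #2:
#   tasks_per_uid /proc
#   uids_at_limit /proc 1024
```
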