From: Warren Togami (warren_at_togami.com)
Date: Wed 23 Jul 2003 - 19:06:51 BST
On Wed, 2003-07-23 at 03:19, Herbert PÃ¶tzl wrote:
> On Tue, Jul 22, 2003 at 11:06:15PM -1000, Warren Togami wrote:
> > [root_at_test root]# vserver test4 enter
> > /usr/sbin/vserver: line 586: ulimit: max user processes: cannot modify
> > limit: Invalid argument
> > ipv4root is now 10.0.0.12
> > New security context is 11
> > Upgraded from 2.4.20-ctx17 to 2.4.22-pre7-ctx17 and I now see this error
> > message when I enter a vserver. Is this a known bug? Serious?
> hmm, a few questions *grin*
> - do you use Jacques patch(es)? if yes which one(s)?
> - what is in your /etc/vservers/test4.conf file?
> - which vserver tools are you using 0.22 or 0.23?
> > Warren
# Select an unused context (this is optional)
# The default is to allocate a free context on the fly
# In general you don't need to force a context
# Select the IP number assigned to the virtual server
# This IP must be one IP of the server, either an interface
# or an IP alias
# The netmask and broadcast are computed by default from IPROOTDEV
# You can define on which device the IP alias will be done
# The IP alias will be set when the server is started and unset
# when the server is stopped
# Uncomment the onboot line if you want to enable this
# virtual server at boot time
# You can set a different host name for the vserver
# If empty, the host name of the main server is used
# You can set a different NIS domain for the vserver
# If empty, the current on is kept
# Set it to "none" to have no NIS domain set
# You can set the priority level (nice) of all process in the vserver
# Even root won't be able to raise it
# You can set various flags for the new security context
# lock: Prevent the vserver from setting new security context
# sched: Merge scheduler priority of all processes in the vserver
# so that it acts a like a single one.
# nproc: Limit the number of processes in the vserver according to
# (instead of a per user limit, this becomes a per vserver limit)
# private: No other process can join this security context. Even root
# Do not forget the quotes around the flags
# You can set various ulimit flags and they will be inherited by the
# vserver. You enter here various command line argument of ulimit
# ULIMIT="-H -u 200"
# The example above, combined with the nproc S_FLAGS will limit the
# vserver to a maximum of 200 processes
ULIMIT="-H -u 1000"
# You can set various capabilities. By default, the vserver are run
# with a limited set, so you can let root run in a vserver and not
# worry about it. He can't take over the machine. In some cases
# you can to give a little more capabilities (such as CAP_NET_RAW)