Default rlimit-nproc=3 causes problems with non-uid remapped containers #97
Comments
xaiki
added a commit
to endlessm/eos-data-distribution
that referenced
this issue
Jul 12, 2017
without it we hit lxc/lxc#25 and most particularly avahi/avahi#97 Signed-off-by: Niv Sardi <xaiki@evilgiggle.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
By default, avahi-daemon sets the rlimit-nproc to 3.
The reasoning behind this is supposed to be security, to prevent avahi from launching processes in case of an exploit - though that is not really true since by default only 2 processes are consumed.
A problem arises when the same UID is user multiple times on the same system, this happens in particular when containers are used that do not remap UIDs into another range. In that case, a copy of avahi running in 2 containers causes the total process count to exceed 3 and Avahi cannot start.
References:
https://bugs.launchpad.net/maas/+bug/1661869
https://lists.linuxcontainers.org/pipermail/lxc-users/2016-January/010791.html
lxc/lxc#25
The text was updated successfully, but these errors were encountered: