Please sign in to comment.
Remove default rlimit-nproc=3
By default, avahi-daemon.conf configures rlimit-nproc=3 to limit the number of processes running to 3. In some cases, this would prevent avahi from starting within a container. It is presumed this was an attempt to limit attack vectors or Denial of Service potential of an exploited bug in Avahi. A problem arises (avahi fails to launch) when the same UID is re-used on the system, such as containers without UID remapping also running avahi. In particular, setting security.privileged=true on LXD containers causes this behavior and avahi will fail to launch in containers because the total number of processes under the avahi UID on the system exceeds 3. We comment out the default rlimit-nproc=3 setting from avahi-daemon.conf and update the relevant manpage with this information. (Closes: #97) References: https://bugs.launchpad.net/maas/+bug/1661869 https://lists.linuxcontainers.org/pipermail/lxc-users/2016-January/010791.html lxc/lxc#25
- Loading branch information...
Showing with 13 additions and 5 deletions.