how can i change the value of /proc/sys/kernel/shmmax in a container? #10176

Closed
yousq opened this Issue Jan 19, 2015 · 11 comments


yousq commented Jan 19, 2015

I created an image based on the official image centos:6, but I need a bigger /proc/sys/kernel/shmmax value. Can anyone help me deal with the prompt: "/proc/sys/kernel/shmmax: Read-only file system"?

@yousq yousq changed the title from how can i change the value of /proc/sys/kernel/shmmax ? to how can i change the value of /proc/sys/kernel/shmmax in a container? Jan 20, 2015

Contributor

crosbymichael commented Jan 27, 2015

This is a setting that you will have to set on your host and it will be propagated to the containers.

Contributor

arthurbarr commented Jan 29, 2015

I haven't found this to be the case for shmmax. If I set the value on the host (using sysctl) on Ubuntu 14.04 then it is not propagated to the container. It works OK on boot2docker though. What is it that controls this? I can't find any documentation about this either.

natea commented Feb 19, 2015

I'm having the same problem. I'm able to launch containers using boot2docker, and they have plenty of shared memory:

[root@a0411ca556df /]# cat /proc/sys/kernel/shmmax
18446744073692774399

But when I launch the same container on a normal Docker server (not boot2docker), then the shared memory is much smaller:

[root@a06b7e4b3f97 /]# cat /proc/sys/kernel/shmmax
33554432

I tried running these commands to change the shared memory setting on the host, hoping that it would propagate to the Docker containers, but it does not:

root@docker:/# echo "kernel.shmmax=2147483648" >> /etc/sysctl.conf
root@docker:/# sysctl -w kernel.shmmax=2147483648
kernel.shmmax = 2147483648

@crosbymichael any tips on where to make the shmmax setting on the host such that it propagates to the containers?

Contributor

arthurbarr commented Feb 19, 2015

I've tracked this down. A change went into Linux kernel V3.16 which fixes this. Previously, the shared memory allocated to containers was hard-coded to 32 MB, and now it's set much higher. boot2docker keeps pretty up-to-date on kernel versions, which is why it works there. If you're not able to upgrade your kernel, then one alternative is to give your container access to the host's IPC namespace using the --ipc host option on docker run. This is a security risk as it breaks the isolation of your container, but it is an option.
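
An added example, not part of the original thread or Docker's own code: a shell check for the two conditions the comment above describes, a container stuck at the fixed 33554432-byte shmmax on a kernel older than 3.16, and containers started with --ipc host. The function names and container names are hypothetical, and the sample inspect lines are constructed.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Value natea's container reported; per the thread, kernels before 3.16
# give every new IPC namespace this fixed limit regardless of the host sysctl.
OLD_DEFAULT_SHMMAX=33554432

# kernel_predates_fix RELEASE: succeeds if a `uname -r` string is older than 3.16.
kernel_predates_fix() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 16 ]; }
}

# classify_shmmax RELEASE SHMMAX: explains a value read inside a container.
classify_shmmax() {
    if [ "$2" = "$OLD_DEFAULT_SHMMAX" ] && kernel_predates_fix "$1"; then
        echo "old-namespace-default"
    else
        echo "ok"
    fi
}

# host_ipc_containers: reads "NAME IPCMODE" lines and prints the containers
# that share the host IPC namespace. Real input would come from:
#   docker ps -q | xargs docker inspect --format '{{.Name}} {{.HostConfig.IpcMode}}'
host_ipc_containers() {
    awk '$2 == "host" { print $1 }'
}

# Constructed sample of that inspect output (hypothetical container names).
sample_inspect_lines() {
    cat <<'EOF'
/web private
/db-legacy host
/worker
EOF
}

echo "3.13 kernel, shmmax 33554432: $(classify_shmmax 3.13.0-24-generic 33554432)"
echo "containers sharing host IPC: $(sample_inspect_lines | host_ipc_containers)"
```

Any container the audit function lists can see and attach to the host's System V shared memory segments, so it is worth reviewing whether it still needs that access once the kernel is upgraded.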

jeremyeder commented Mar 4, 2015

For future googlers, the patch referenced above is already in RHEL7.1, but I should say that I think this rather has to do with ULONG vs ULLONG...we're looking into it a bit more.


zrml commented Apr 7, 2015

Hi guys:
Don't you think that reading this value from the host is a risk? All containers will be able to allocate huge chunks of shmem. I'd prefer to have the option to handle this from each single container's point of view, even if my start-up script will have to invoke sysctl -w kernel.sh*= ?
Thanks

kopax commented Jun 13, 2016

I really don't understand why this is closed, this is a major issue.

Without the --ipc host, host has its own ipcs -lm value.

Default is 16MB on Linux Kernels < 3.16

http://kernelnewbies.org/Linux_3.16

In 06/2016, there is still no way to get this configured in the container?

Member

thaJeztah commented Jun 13, 2016

@kopax see this PR, which will be in the next release (docker 1.12); #19265

kopax commented Jun 13, 2016

@thaJeztah Thanks, I am not familiar with docker's release cycle. Do you know approximately when 1.12 will be released?

Member

thaJeztah commented Jun 13, 2016

@kopax somewhere after DockerCon; it's usually a two-month release cycle; may be slightly longer this time due to DockerCon being in the middle of that cycle (don't have the definitive release date yet); https://github.com/docker/docker/wiki

zrml commented Jun 21, 2016

@thaJeztah Thanks for the link to the other PR. Looking forward to testing it...

@thaJeztah thaJeztah added this to the 1.12.0 milestone Jun 22, 2016

@BillMills BillMills referenced this issue in IQuOD/AutoQC Aug 13, 2016

Closed

Docker help #185
