Commit | Line | Data |
---|---|---|
02209345 TL |
1 | # increase kernel hardcoded defaults by a factor of 512 to allow running more |
2 | # than a very limited count of inotify-hungry CTs (i.e., those with newer | |
3 | # systemd >= 240). This can be done as the memory used by the queued events and | |
4 | # watches is accounted to the respective memory CGroup. | |
5 | # One can override this by using a /etc/sysctl.d/*.conf file | |
6 | ||
7 | # 2^23 | |
8 | fs.inotify.max_queued_events = 8388608 | |
9 | # 2^16 | |
10 | fs.inotify.max_user_instances = 65536 | |
11 | # 2^22 | |
12 | fs.inotify.max_user_watches = 4194304 | |
083b330a TL |
13 | |
14 | # This sets the maximum number of memory map areas a process may have. | |
15 | # Memory map areas are used as a side-effect of calling malloc, directly by | |
16 | # mmap and mprotect, and also when loading shared libraries. | |
17 | vm.max_map_count = 262144 | |
18 | ||
19 | # This is the maximum number of entries in the ARP table (IPv4) and the IPv6 | |
20 | # neighbour table. You should increase this if you create over 1024 containers. | |
21 | # Otherwise, you will get the error "neighbour: ndisc_cache: neighbor table | |
22 | # overflow!" when the table gets full, and those containers will not be able | |
23 | # to get a network configuration. | |
24 | net.ipv4.neigh.default.gc_thresh3 = 8192 | |
25 | net.ipv6.neigh.default.gc_thresh3 = 8192 | |
26 | ||
27 | # This is the maximum number of keys a non-root user can use; it should be | |
28 | # higher than the number of containers. | |
29 | kernel.keys.maxkeys = 2000 |