projects / pve-container.git / blame
| Commit | Line | Data |
|---|---|---|
| 02209345 TL |
1 | # increase kernel hardcoded defaults by a factor of 512 to allow running more |
| 2 | # than a very limited count of inotfiy hungry CTs (i.e., those with newer | |
| 3 | # systemd >= 240). This can be done as the memory used by the queued events and | |
| 4 | # watches is accounted to the respective memory CGroup. | |
| 5 | # One can override this by using a /etc/sysctl.d/*.conf file | |
| 6 | ||
| 7 | # 2^23 | |
| 8 | fs.inotify.max_queued_events = 8388608 | |
| 9 | # 2^16 | |
| 10 | fs.inotify.max_user_instances = 65536 | |
| 11 | # 2^22 | |
| 12 | fs.inotify.max_user_watches = 4194304 | |
| 083b330a TL |
13 | |
| 14 | # This file contains the maximum number of memory map areas a process may have. | |
| 15 | # Memory map areas are used as a side-effect of calling malloc, directly by | |
| 16 | # mmap and mprotect, and also when loading shared libraries. | |
| 17 | vm.max_map_count = 262144 | |
| 18 | ||
| 19 | # This is the maximum number of entries in ARP table (IPv4). You should | |
| 20 | # increase this if you create over 1024 containers. Otherwise, you will get the | |
| 21 | # error neighbour: ndisc_cache: neighbor table overflow! when the ARP table | |
| 22 | # gets full and those containers will not be able to get a network | |
| 23 | # configuration. | |
| 24 | net.ipv4.neigh.default.gc_thresh3 = 8192 | |
| 25 | net.ipv6.neigh.default.gc_thresh3 = 8192 | |
| 26 | ||
| 27 | # This is the maximum number of keys a non-root user can use, should be higher | |
| 28 | # than the number of containers | |
| 29 | kernel.keys.maxkeys = 2000 |