# increase kernel hardcoded defaults by a factor of 512 to allow running more
# than a very limited count of inotfiy hungry CTs (i.e., those with newer
# systemd >= 240). This can be done as the memory used by the queued events and
# watches is accounted to the respective memory CGroup.
# One can override this by using a /etc/sysctl.d/*.conf file

# 2^23
fs.inotify.max_queued_events = 8388608
# 2^16
fs.inotify.max_user_instances = 65536
# 2^22
fs.inotify.max_user_watches = 4194304

# This file contains the maximum number of memory map areas a process may have.
# Memory map areas are used as a side-effect of calling malloc, directly by
# mmap and mprotect, and also when loading shared libraries.
vm.max_map_count = 262144

# This is the maximum number of entries in ARP table (IPv4). You should
# increase this if you create over 1024 containers. Otherwise, you will get the
# error neighbour: ndisc_cache: neighbor table overflow! when the ARP table
# gets full and those containers will not be able to get a network
# configuration.
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv6.neigh.default.gc_thresh3 = 8192

# This is the maximum number of keys a non-root user can use, should be higher
# than the number of containers
kernel.keys.maxkeys = 2000