description => "Allow using 'fuse' file systems in a container."
." Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks.",
},
+ mknod => {
+ optional => 1,
+ type => 'boolean',
+ default => 0,
+ description => "Allow unprivileged containers to use mknod() to add certain device nodes."
+ ." This requires a kernel with seccomp trap to user space support (5.3 or newer)."
+ ." This is experimental.",
+ },
+ force_rw_sys => {
+ optional => 1,
+ type => 'boolean',
+ default => 0,
+ description => "Mount /sys in unprivileged containers as `rw` instead of `mixed`."
+ ." This can break networking under newer (>= v245) systemd-network use."
+ },
};
my $confdesc = {
PVE::LXC::write_cgroup_value("cpu", $vmid, "cpu.cfs_period_us", -1);
PVE::LXC::write_cgroup_value("cpu", $vmid, "cpu.cfs_quota_us", -1);
} elsif ($opt eq 'cpuunits') {
- PVE::LXC::write_cgroup_value("cpu", $vmid, "cpu.shared", $confdesc->{cpuunits}->{default});
+ PVE::LXC::write_cgroup_value("cpu", $vmid, "cpu.shares", $confdesc->{cpuunits}->{default});
} elsif ($opt =~ m/^net(\d)$/) {
my $netid = $1;
PVE::Network::veth_delete("veth${vmid}i$netid");
# FIXME: $force deletion is not implemented for CTs
foreach my $opt (sort keys %$pending_delete_hash) {
next if $selection && !$selection->{$opt};
- $class->cleanup_pending($conf);
eval {
if ($opt =~ m/^mp(\d+)$/) {
my $mp = $class->parse_ct_mountpoint($conf->{$opt});
}
}
+ $class->cleanup_pending($conf);
+
foreach my $opt (sort keys %{$conf->{pending}}) { # add/change
next if $opt eq 'delete'; # just to be sure
next if $selection && !$selection->{$opt};
if (my $err = $@) {
$add_apply_error->($opt, $err);
} else {
- $class->cleanup_pending($conf);
$conf->{$opt} = delete $conf->{pending}->{$opt};
}
}
my $rescan_volume = sub {
my ($storecfg, $mp) = @_;
eval {
- $mp->{size} = PVE::Storage::volume_size_info($storecfg, $mp->{volume}, 5)
- if !defined($mp->{size});
+ $mp->{size} = PVE::Storage::volume_size_info($storecfg, $mp->{volume}, 5);
};
warn "Could not rescan volume size - $@\n" if $@;
};