fs.inotify.max_user_instances = 65536
# 2^22
fs.inotify.max_user_watches = 4194304
+
+# This file contains the maximum number of memory map areas a process may have.
+# Memory map areas are used as a side-effect of calling malloc, directly by
+# mmap and mprotect, and also when loading shared libraries.
+vm.max_map_count = 262144
+
+# This is the maximum number of entries in ARP table (IPv4). You should
+# increase this if you create over 1024 containers. Otherwise, you will get the
+# error neighbour: ndisc_cache: neighbor table overflow! when the ARP table
+# gets full and those containers will not be able to get a network
+# configuration.
+net.ipv4.neigh.default.gc_thresh3 = 8192
+net.ipv6.neigh.default.gc_thresh3 = 8192
+
+# This is the maximum number of keys a non-root user can use, should be higher
+# than the number of containers
+kernel.keys.maxkeys = 2000