src/10-pve-ct-inotify-limits.conf

   1 # increase kernel hardcoded defaults by a factor of 512 to allow running more
   2 # than a very limited count of inotfiy hungry CTs (i.e., those with newer
   3 # systemd >= 240). This can be done as the memory used by the queued events and
   4 # watches is accounted to the respective memory CGroup.
   5 # One can override this by using a /etc/sysctl.d/*.conf file
   6
   7 # 2^23
   8 fs.inotify.max_queued_events = 8388608
   9 # 2^16
  10 fs.inotify.max_user_instances = 65536
  11 # 2^22
  12 fs.inotify.max_user_watches = 4194304
  13
  14 # This file contains the maximum number of memory map areas a process may have.
  15 # Memory map areas are used as a side-effect of calling malloc, directly by
  16 # mmap and mprotect, and also when loading shared libraries.
  17 vm.max_map_count = 262144
  18
  19 # This is the maximum number of entries in ARP table (IPv4). You should
  20 # increase this if you create over 1024 containers. Otherwise, you will get the
  21 # error neighbour: ndisc_cache: neighbor table overflow! when the ARP table
  22 # gets full and those containers will not be able to get a network
  23 # configuration.
  24 net.ipv4.neigh.default.gc_thresh3 = 8192
  25 net.ipv6.neigh.default.gc_thresh3 = 8192
  26
  27 # This is the maximum number of keys a non-root user can use, should be higher
  28 # than the number of containers
  29 kernel.keys.maxkeys = 2000