From: Zoltán Felleg Date: Tue, 4 Jun 2024 11:40:54 +0000 (+0200) Subject: Updated all containers (to use unprivileged base and memory limits). X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=ca49399743da7ac0b37471309ed96e51c1ecb8d4;p=user-lxc.git Updated all containers (to use unprivileged base and memory limits).
---
diff --git a/sources/db2.in/config b/sources/db2.in/config
index 02bd249..ad30ede 100644
--- a/sources/db2.in/config
+++ b/sources/db2.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = db2.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ data none bind,create=dir 0 0
@@ -15,6 +14,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:a6
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 16G
+lxc.cgroup2.memory.max = 20G
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/efg.pm/config b/sources/efg.pm/config
index efbc6a5..ffcbfbc 100644
--- a/sources/efg.pm/config
+++ b/sources/efg.pm/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = efg.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -27,6 +26,8 @@ lxc.net.1.hwaddr = 02:0c:18:03:28:92
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/ens.pm/config b/sources/ens.pm/config
index 4df958f..149d704 100644
--- a/sources/ens.pm/config
+++ b/sources/ens.pm/config
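Review bot: The new limits in the second hunk of sources/db2.in/config cap memory only (`lxc.cgroup2.memory.high = 16G`, `lxc.cgroup2.memory.max = 20G`) and leave swap uncapped, so on a host with swap a runaway container can still drive the host into swap pressure after it reaches its limit. Consider a swap cap next to the two lines, for example `lxc.cgroup2.memory.swap.max = 0` or a small fixed value per container. The same applies to every other config in this commit that gains the two memory lines. sources/ifg.in/config and sources/ws.pm/config only lose `lxc.rootfs.options` and gain no limit at all, which does not match the commit title; if that is deliberate, a comment in those files saying why would help.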
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ens.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:ad:40
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/fdc.in/config b/sources/fdc.in/config
index 5062654..7b966f4 100644
--- a/sources/fdc.in/config
+++ b/sources/fdc.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = fdc.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:83
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/fds.in/config b/sources/fds.in/config
index 5868a4b..e809cb1 100644
--- a/sources/fds.in/config
+++ b/sources/fds.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = fds.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:93
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 3G
+lxc.cgroup2.memory.max = 4G
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/git.pm/config b/sources/git.pm/config
index 2c03ed1..1447084 100644
--- a/sources/git.pm/config
+++ b/sources/git.pm/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = git.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ git none bind,create=dir 0 0
@@ -15,6 +14,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:ad:4f
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/gitea.in/config b/sources/gitea.in/config
index a94bae0..c86e103 100644
--- a/sources/gitea.in/config
+++ b/sources/gitea.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = gitea.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ gitea none bind,create=dir 0 0
@@ -15,6 +14,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:dc
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 768M
+lxc.cgroup2.memory.max = 1G
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/ifg.in/config b/sources/ifg.in/config
index 472ca10..44cb922 100644
--- a/sources/ifg.in/config
+++ b/sources/ifg.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ifg.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
diff --git a/sources/kea.in/config b/sources/kea.in/config
index 935e386..504697f 100644
--- a/sources/kea.in/config
+++ b/sources/kea.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = kea.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:7f
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/kms.in/config b/sources/kms.in/config
index 5afc9d2..f2eba72 100644
--- a/sources/kms.in/config
+++ b/sources/kms.in/config
@@ -3,9 +3,8 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = kms.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
-lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ kms none bind,create=dir 0 0
+lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ kms none bind,create=dir 0 0
 lxc.net.0.type = veth
 lxc.net.0.flags = up
@@ -15,6 +14,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:e1
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/log.in/config b/sources/log.in/config
index b336645..f96ddfb 100644
--- a/sources/log.in/config
+++ b/sources/log.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = log.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ var/log/remote none bind,create=dir 0 0
@@ -15,6 +14,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:4d
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/mx.in/config b/sources/mx.in/config
index 5466fa7..bf12b9d 100644
--- a/sources/mx.in/config
+++ b/sources/mx.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = mx.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:9a
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/ns1.in/config b/sources/ns1.in/config
index 0dca839..df39ac5 100644
--- a/sources/ns1.in/config
+++ b/sources/ns1.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ns1.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:9f
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/ns2.in/config b/sources/ns2.in/config
index e7ea874..92432ff 100644
--- a/sources/ns2.in/config
+++ b/sources/ns2.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ns2.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:5c:9f
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/pki.in/config b/sources/pki.in/config
index 3a34284..360594c 100644
--- a/sources/pki.in/config
+++ b/sources/pki.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = pki.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:b7
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/pns.pm/config b/sources/pns.pm/config
index e4b6214..8803926 100644
--- a/sources/pns.pm/config
+++ b/sources/pns.pm/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = pns.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:ad:df
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/slycpx.in/config b/sources/slycpx.in/config
new file mode 100644
index 0000000..95d225b
--- /dev/null
+++ b/sources/slycpx.in/config
@@ -0,0 +1,27 @@
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = slycpx.in.useribm.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc:rw sys:ro
+lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ opt/slycpx none bind,create=dir 0 0
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = brci-dev
+lxc.net.0.hwaddr = 02:0c:18:03:6d:2c
+
+lxc.autodev = 1
+
+lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 4G
+lxc.cgroup2.memory.max = 5G
+
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = __CONTAINER_START_ORDER__
+lxc.start.delay = 5
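Review bot: `lxc.cgroup2.devices.allow = a` in the new sources/slycpx.in/config allows every device type and number, which presumably cancels whatever device restrictions the included common.conf sets up. The user-namespace mapping already limits what the container can do with device nodes, but the device cgroup is the second layer if that mapping is ever weakened or removed. If the container needs nothing beyond the autodev set, drop the line and allow specific devices only where required, e.g. `lxc.cgroup2.devices.allow = c 10:200 rwm` (constructed example, /dev/net/tun). The new sources/wdt.in/config carries the same line, and it appears as unchanged context in the existing configs.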
diff --git a/sources/slycrm.in/config b/sources/slycrm.in/config
index e2c827d..dc502b8 100644
--- a/sources/slycrm.in/config
+++ b/sources/slycrm.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = slycrm.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ opt/slycrm none bind,create=dir 0 0
@@ -15,6 +14,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:35
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 12G
+lxc.cgroup2.memory.max = 16G
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/sns.in/config b/sources/sns.in/config
index 9966441..4457aa5 100644
--- a/sources/sns.in/config
+++ b/sources/sns.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = sns.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:0b
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/vpn.in/config b/sources/vpn.in/config
index 1fd7285..6fbae63 100644
--- a/sources/vpn.in/config
+++ b/sources/vpn.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = vpn.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +13,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:ec
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/wdt.in/config b/sources/wdt.in/config
new file mode 100644
index 0000000..528be00
--- /dev/null
+++ b/sources/wdt.in/config
@@ -0,0 +1,26 @@
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = wdt.in.useribm.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc:rw sys:ro
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = brci-dev
+lxc.net.0.hwaddr = 02:0c:18:03:6d:38
+
+lxc.autodev = 1
+
+lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
+
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = __CONTAINER_START_ORDER__
+lxc.start.delay = 5
diff --git a/sources/wiki.in/config b/sources/wiki.in/config
index 6dcbb60..74f3f70 100644
--- a/sources/wiki.in/config
+++ b/sources/wiki.in/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = wiki.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ data none bind,create=dir 0 0
@@ -15,6 +14,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:6d:d3
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000
diff --git a/sources/ws.pm/config b/sources/ws.pm/config
index 4b5cc51..f4bd587 100644
--- a/sources/ws.pm/config
+++ b/sources/ws.pm/config
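Review bot: The new sources/wdt.in/config maps the container onto the same host range as every other config in this commit (`lxc.idmap = u 0 100000 100000`, `lxc.idmap = g 0 100000 100000`), so all containers share one set of host UIDs and GIDs. A process that gets out of one container would then hold the host identity that presumably owns the other containers' root filesystems and bind-mounted data. Giving each container its own non-overlapping range, for example `lxc.idmap = u 0 200000 65536` with a matching `g` line (constructed values), keeps that separation; the on-disk ownership of the rootfs and bind mounts would have to be shifted to match. sources/slycpx.in/config has the same mapping.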
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ws.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/htdocs.useribm.hu.443 var/www/htdocs.useribm.hu.443 none bind,create=dir 0 0
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/htdocs.useribm.hu.80 var/www/htdocs.useribm.hu.80 none bind,create=dir 0 0
diff --git a/sources/xfr.pm/config b/sources/xfr.pm/config
index 3d107df..eae4bf4 100644
--- a/sources/xfr.pm/config
+++ b/sources/xfr.pm/config
@@ -3,7 +3,6 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = xfr.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/www.xfr var/www.xfr none bind,create=dir 0 0
@@ -15,6 +14,8 @@ lxc.net.0.hwaddr = 02:0c:18:03:ad:ae
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 384M
+lxc.cgroup2.memory.max = 512M
 lxc.idmap = u 0 100000 100000
 lxc.idmap = g 0 100000 100000