github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2026-01-16 19:20:00 +00:00
Code Issues Projects Releases Wiki Activity

Add in sysctl container

Browse Source 
- based on @riyazdf earlier unmerged Go version 891c006d34/alpine/containers/cloud-config/main.go

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack
2017-03-09 14:32:13 +00:00
parent 83c052f74c
commit bf41a668d7
8 changed files with 158 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
base/sysctl/etc/sysctl.d/00-moby.conf Normal file
View File

@@ -0,0 +1,22 @@
# general limits
vm.max_map_count = 262144
vm.overcommit_memory = 1
net.core.somaxconn = 1024
net.ipv4.neigh.default.gc_thresh1 = 30000
net.ipv4.neigh.default.gc_thresh2 = 32000
net.ipv4.neigh.default.gc_thresh3 = 32768
fs.aio-max-nr = 1048576
fs.inotify.max_user_watches = 524288
fs.file-max = 524288
# for rngd
kernel.random.write_wakeup_threshold = 3072
# security restrictions
kernel.kptr_restrict = 2
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
kernel.perf_event_paranoid = 3
fs.protected_hardlinks = 1
fs.protected_symlinks = 1