Jakub Skokan
Jakub Skokan
`ruby-lxc` is broken with LXC 4.0.4 and newer, as two used external functions were removed from liblxc (see #45). This PR makes `ruby-lxc` work again with the following changes: *...
systemd in containers reports ``` systemd-journal-flush.service: Attaching egress BPF program to cgroup /sys/fs/cgroup/unified/system.slice/systemd-journal-flush.service failed: Invalid argument ``` when starting services with BPF firewall. strace shows this: ``` 1 bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SKB,...
chef-client on linux 5.6 ends up in an loop on ``` poll([{fd=12, events=POLLOUT}], 1, -1) = 1 ([{fd=12, revents=POLLOUT}]) sendfile(12, 11, NULL, 7) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=12,...
Ever since containers are created only from images which contain empty configs, default configuration from osctld is not applied, i.e. mainly process limits (nofile). We need to either ensure that...
Adds button to Options -> Accessibility, next to "one switch" / "normal mode" button, as there isn't enough space vertically. Original item and level count is saved and restored if...
freshclam processes from multiple VPS tend to go crazy all at once, overloading the nodes. We can't really help it if people install it, but we could add override to...
Make it possible to configure temporary cluster resources, e.g. CPU, RAM, diskspace and let the users use them for a predefined period of time. Could be used to quickly handle...
Right now, VPS swap is needed, because playground is using different address ranges than production. So we use swap to put the new VPS into production and give it addresses...
It would be useful mostly for monitoring systems running inside containers. Currently the number of OOM kills from the host system is reported.
File capabilities set from within a user namespace apparently include user id and are then valid only if the user id is in the current user namespace, see https://elixir.bootlin.com/linux/v6.1.42/source/security/commoncap.c#L455. This...