Permission denied when setting values in sysctl on Ubuntu 12.04


OpenVZ is not a virtual machine, it is more like a container – in other words, there is only a single kernel running for both the host and all "VPS"es. This means a kernel panic would bring down the whole system, including every VPS hosted on it, and many kernel settings are shared between the host and all guests.

So you are not allowed to modify those settings because it doesn't make sense to do so.


Author: Jay Bhatt

Updated on September 18, 2022

Comments

  • Jay Bhatt
    Jay Bhatt over 1 year

    I am trying to configure my Ubuntu 12.04 VPS (OpenVZ) to reboot when it runs out of memory. To do this I have added the following lines to my "/etc/sysctl.conf" file.

    vm.panic_on_oom = 1
    kernel.panic = 14
    

    But when I run the configuration using the command "sudo sysctl -p" I get the following errors.

    error: permission denied on key 'vm.panic_on_oom'
    error: permission denied on key 'kernel.panic'
    

    I have tried running the same command as root and found the same error.

    Can anyone please point out what I am doing wrong, or how I can fix this?

    Thanks in advance.

  • Jay Bhatt
    Jay Bhatt over 10 years
    Thanks. I understand now. But is there a way to just reboot my own VPS when OOM condition occurs?
  • Rajat Gupta
    Rajat Gupta about 10 years
    @grawity: Does that mean that I shouldn't be modifying any of the settings in sysctl.conf? I am asking particularly in the context of settings to disable source packet routing, disabling ICMP redirection messages, and other such settings (following this security article thefanclub.co.za/how-to/…). More specific question here: serverfault.com/q/581798/64707
  • Rajat Gupta
    Rajat Gupta about 10 years
    Yep, I did try, and it returned Permission denied for some keys. So should I set the allowed values (leaving the ones that are not permitted)? I mean, will they really be in effect, as it is a shared kernel? How can my setting be enforced on the shared kernel?
  • Rajat Gupta
    Rajat Gupta about 10 years
    I think the only condition in which my settings should work would be if it changes something not shared. So it must be that not all of the settings in sysctl.conf are related to the kernel?
  • user1686
    user1686 about 10 years
    @user01: They're all kernel settings, but the kernel has support for putting certain things in "namespaces". (OpenVZ containers basically just add multiple namespaces for /proc, UIDs, network devices, etc. The mainline kernel already has namespace support too, used by LXC and Docker, though it hasn't reached OpenVZ level of functionality just yet.) E.g. each container has a different "root" user, and they all are different from the host's "root" user, despite all having UID 0. Similarly, network devices – and some network parameters – are also namespaced.
  • Rajat Gupta
    Rajat Gupta about 10 years
    Very insightful! Thanks so much for the explanation!
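
The thread above leaves open which keys in a sysctl.conf a container will actually accept. The following is an added example, not part of the original posts, that sorts the keys in a sysctl.conf-style file into writable, denied and missing without changing any value. The function names and the `PROC_SYS` override are hypothetical, and it assumes the container refuses a key when its file under /proc/sys is opened for writing.

```shell
#!/bin/sh
# Added example, not from the thread: sort sysctl.conf keys by whether this
# environment lets you open them for writing. PROC_SYS is a hypothetical
# override so the logic can run against a constructed directory tree.

# Map a dotted key to its file under /proc/sys. Keys with a dot inside an
# interface name (VLAN devices) are not handled by this simple mapping.
key_to_path() {
    printf '%s/%s\n' "${PROC_SYS:-/proc/sys}" "$(printf '%s' "$1" | tr . /)"
}

# Print writable, denied or missing for one key. The probe opens the file
# for appending and writes nothing, so no value is changed.
probe_key() {
    path=$(key_to_path "$1")
    if [ ! -f "$path" ]; then echo missing
    elif ( : >> "$path" ) 2>/dev/null; then echo writable
    else echo denied
    fi
}

# Read a sysctl.conf-style file; print "<status> <key> = <value>" per entry.
classify_conf() {
    sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' "$1" |
    while IFS='=' read -r key value; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        value=$(printf '%s' "$value" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ -n "$key" ]; then
            echo "$(probe_key "$key") $key = $value"
        fi
    done
}

# Demo on a constructed tree: kernel/panic is writable, vm/panic_on_oom is
# read-only (root bypasses file modes, so run unprivileged to see "denied"),
# and vm.no_such_key does not exist.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/kernel" "$d/vm"
    echo 0 > "$d/kernel/panic"
    echo 0 > "$d/vm/panic_on_oom"
    chmod 444 "$d/vm/panic_on_oom"
    printf '# constructed sample\nvm.panic_on_oom = 1\nkernel.panic = 14\nvm.no_such_key = 1\n' > "$d/conf"
    PROC_SYS=$d classify_conf "$d/conf"
    rm -rf "$d"
}
demo
```

Against a real system, call `classify_conf /etc/sysctl.conf` with `PROC_SYS` unset; keys reported as denied are the ones to leave out of the container's own configuration.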