Setting max_user_watches on container level

Jun 1, 2019
I'm stuck in a situation where I'm either running out of memory, or running out of inotify watches.

I have a container (running crashplan) that wants to open too many watches. If I set fs.inotify.max_user_watches too low on the host, then the container will use up all the watches, leaving none available for either the host or other containers. If I set it too high (that is, high enough to satisfy crashplan), then the system runs out of kernel memory.

If I could restrict the use of watches on the container or process level, this would solve my problem. Is there any way to do this? Or any other way of solving this problem?
 
fs.inotify.max_user_watches is a parameter directly relevant to the kernel. As LXC containers share the kernel, it is not possible to set this value on a per-container basis.

However, as the name implies, the limit is per user, so increasing the limit and then running crashplan as a different user might work for you.
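
To see which user is actually consuming the watches before moving crashplan to its own account, the following added example (not part of the posts above) tallies inotify watches per UID on the host by counting the `inotify wd:` lines in `/proc/<pid>/fdinfo/*`. It assumes it is run as root, and it attributes watches to each process's real UID from `/proc/<pid>/status`, which approximates the user the kernel charges (the creator of the inotify instance); the function names are this example's own.

```python
"""Tally inotify watches per UID by reading /proc (run as root on the host)."""
import os
from collections import Counter


def read_uid(pid_dir):
    """Return the real UID from <pid>/status, or None if the process is gone."""
    try:
        with open(os.path.join(pid_dir, "status")) as fh:
            for line in fh:
                if line.startswith("Uid:"):
                    return int(line.split()[1])
    except (OSError, ValueError, IndexError):
        pass
    return None


def count_watches(pid_dir):
    """Count 'inotify wd:' entries across all fdinfo files of one process.

    An inotify fd inherited across fork() is counted once per process holding it.
    """
    total = 0
    fdinfo = os.path.join(pid_dir, "fdinfo")
    try:
        names = os.listdir(fdinfo)
    except OSError:  # process exited or permission denied
        return 0
    for name in names:
        try:
            with open(os.path.join(fdinfo, name)) as fh:
                total += sum(1 for line in fh if line.startswith("inotify wd:"))
        except OSError:  # fd closed while we were scanning
            continue
    return total


def watches_per_uid(proc_root="/proc"):
    """Map UID -> number of inotify watches held by that UID's processes."""
    totals = Counter()
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        pid_dir = os.path.join(proc_root, entry)
        uid, watches = read_uid(pid_dir), count_watches(pid_dir)
        if uid is not None and watches:
            totals[uid] += watches
    return totals


if __name__ == "__main__":
    for uid, n in watches_per_uid().most_common():
        print(f"uid={uid:<8} watches={n}")
```

Compare the per-UID totals against the value of `fs.inotify.max_user_watches` to see how close each user is to the limit.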