Skip to main content
    • Knowledge Base/
    Configure Cap Ipc Lock And Cap Sys Nice In Docker

    Configuring CAP_IPC_LOCK and CAP_SYS_NICE Capabilities in Docker

    Learn how to resolve Docker capability warnings for `CAP_IPC_LOCK` and `CAP_SYS_NICE` when running ClickHouse in a container.

    Question

    When running ClickHouse in Docker, Docker is complaining about the lack of CAP_IPC_LOCK and CAP_SYS_NICE capabilities in the system. How can I resolve it?

    Here is what the no CAP_SYS_NICE or CAP_SYS_NICE capability log messages look like:

    Answer

    1. Add two --cap-add arguments to provide the container with the IPC_LOCK and SYS_NICE capabilities:
    1. Check that the capabilities are visible in the container using the following command:

    The response is similar to:

    1. Manually set both the capabilities for ClickHouse
    1. Check that the capabilities are applied.

    You should see the following:

    1. Restart the ClickHouse server and the log messages should not be shown.

    Check out this article on Linux capabilities for more details.

    · 2 min read