Swap activation fails ("Operation not permitted") in cloud workspace despite --cap-add=SYS_ADMIN #43

@tamimbook

Hi Lapdev team,
I'm using ws.lap.dev for a remote dev/gaming workspace (Minecraft via SKLauncher in XFCE over RDP). I configured a custom devcontainer with --cap-add=SYS_ADMIN and --memory-swap=128g to enable larger swap for memory-intensive tasks, but swapon fails despite the capability being present.

Steps to Reproduce:

  1. Create workspace from repo: https://github.com/tamimbook/mining-the-vps (uses devcontainer.json with the flags).
  2. In terminal (as root): fallocate -l 16G /swapfile && chmod 600 /swapfile && mkswap /swapfile (succeeds).
  3. Run swapon /swapfile → "swapon: /swapfile: swapon failed: Operation not permitted".
  4. capsh --print shows cap_sys_admin in bounding set.

Output:

root@mining-the-vps-mfwxn3ceon2f:/workspaces/mining-the-vps# free -h
              total        used        free      shared  buff/cache   available
Mem:          124Gi        22Gi        13Gi       137Mi        88Gi       100Gi
Swap:         4.0Gi       4.0Gi          0B

capsh --print output:

root@mining-the-vps-mfwxn3ceon2f:/workspaces/mining-the-vps# capsh --print
WARNING: libcap needs an update (cap=40 should have a name).
Current: =ep
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,38,39,40
Ambient set =
Securebits: 00/0x0/1'b0
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
 secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=65534(nogroup),65534(nogroup),0(root)
Guessed mode: UNCERTAIN (0)

Expected:

Swap activates, allowing up to 128 GiB for apps like Minecraft (which can exceed 124 GiB RAM under load).

Why This Matters:

Lapdev's high-end gaming CPUs (e.g., Ryzen 9) are perfect for dev/gaming, but swap restrictions limit memory for resource-heavy tasks. Enabling it via runtime (e.g., Podman/containerd flag) would make ws.lap.dev even more versatile without security risks (SYS_ADMIN is scoped).
Happy to provide workspace ID (mining-the-vps-mfwxn3ceon2f) or test patches. Thanks for the awesome tool!

Environment:

      * OS: Ubuntu 20.04.6 LTS (devcontainer base)
      * Lapdev Cloud: 4 Core - 4 vCPUs, 16GB memory, 32GB disk

I'm hoping for an answer. Also, make sure that "mining" specifically means Minecraft; I accidentally wrote it as this.
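
Added example, not part of the original issue and not Lapdev's code: a Python check of the kernel-side conditions that can make swapon return "Operation not permitted" even when capsh lists cap_sys_admin. It reads the effective and bounding capability masks, the user namespace mapping (swapon(2) requires CAP_SYS_ADMIN in the initial user namespace), and the seccomp mode. The sample status text and uid_map are constructed values, not taken from the reporter's workspace.

```python
CAP_SYS_ADMIN = 21  # bit number of CAP_SYS_ADMIN in linux/capability.h

# Constructed sample inputs (not from the reporter's workspace).
SAMPLE_STATUS = """Name:\tbash
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
Seccomp:\t2
"""
SAMPLE_UID_MAP = "         0     100000      65536\n"


def parse_status(text):
    """Extract capability masks and seccomp mode from /proc/<pid>/status."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in ("CapEff", "CapBnd"):
            fields[key] = int(value.strip(), 16)
        elif key == "Seccomp":
            fields[key] = int(value.strip())
    return fields


def in_initial_userns(uid_map):
    """The initial user namespace maps the whole 32-bit uid range to itself."""
    return uid_map.split() == ["0", "0", "4294967295"]


def diagnose(status_text, uid_map):
    """Return the conditions that can make swapon(2) fail with EPERM."""
    f, bit, findings = parse_status(status_text), 1 << CAP_SYS_ADMIN, []
    if not f.get("CapBnd", 0) & bit:
        findings.append("CAP_SYS_ADMIN missing from bounding set")
    if not f.get("CapEff", 0) & bit:
        findings.append("CAP_SYS_ADMIN not in effective set")
    if not in_initial_userns(uid_map):
        findings.append("user namespace: capability is not held in the initial namespace")
    if f.get("Seccomp", 0) == 2:
        findings.append("seccomp filter active: check the runtime profile for swapon")
    return findings


if __name__ == "__main__":
    with open("/proc/self/status") as s, open("/proc/self/uid_map") as m:
        for finding in diagnose(s.read(), m.read()) or ["no blocker visible in /proc"]:
            print(finding)
```

Run inside the workspace, it reports on the current process. A seccomp finding only says a filter is loaded; whether that filter denies swapon has to be read from the container runtime's profile.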
