[lxc-devel] lxc and cgroup
Daniel Lezcano
daniel.lezcano at free.fr
Thu May 7 11:40:14 UTC 2009
Hi Michael,

I saw your question about the cgroup on the IRC channel.

<mkj_wk> dlezcano: question about lxc-cgroup...
<mkj_wk> we probably want to use the define whitelist (as discussed on
#lxcontainers) and I want that to take effect immediately on starting
the container
<mkj_wk> will lxc-cgroup store the values set for a named container
before starting it, and make them effective as part of lxc-init?
<mkj_wk> I'm asking because the man page says "when the container is
running" which makes me worry about race conditions...
<mkj_wk> especially since we're trying to avoid unintended consequences
from actions inside the container :)

You can specify the cgroup values in the configuration file like this:

lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

Or, if you wish, you can hack a container already created by adding the
'cgroup' file in the configuration tree of lxc in
/var/lib/lxc/mycontainer with the following format (exactly this format, no
space):

devices.deny=a
devices.allow=c 1:3 rwm
devices.allow=c 1:5 rwm
devices.allow=c 5:1 rwm
devices.allow=c 5:0 rwm
devices.allow=c 4:0 rwm
devices.allow=c 4:1 rwm
devices.allow=c 1:9 rwm
devices.allow=c 1:8 rwm
devices.allow=c 136:* rwm
devices.allow=c 5:2 rwm
devices.allow=c 254:0 rwm

You have an example of the configuration file in the lxc-debian script.
This way, you can specify any control group value, priority, cpuset, etc.

Having these values in the configuration will make your container
start up with these values set, ensuring you won't have a race condition
between the application startup and the setting of the container.

At runtime, you can modify these values for the container with the
lxc-cgroup command, which does not affect the configuration; I mean, if
you restart the container, the cgroup values will be set to the defaults
specified in the configuration file.

Hope that answers your question :)
Thanks.
-- Daniel
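
Added example (not part of the original message and not lxc project code): a small Python helper that converts the `lxc.cgroup.*` lines of a configuration file into the space-free 'cgroup' file format described above and checks that the device rules form a default-deny whitelist. The function names and the sample configuration are constructed for illustration; the rule syntax assumed is the devices cgroup form "type major:minor access".

```python
import re

# Constructed sample in the configuration-file style shown in the message.
SAMPLE_CONF = """\
lxc.cgroup.devices.deny = a
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 136:* rwm
"""

# Devices cgroup rule: type (a, b or c), major:minor (number or *), access (r, w, m).
RULE = re.compile(r"^[abc] (\d+|\*):(\d+|\*) [rwm]{1,3}$")

def parse_cgroup_entries(conf_text):
    """Return ordered (key, value) pairs for every lxc.cgroup.* line."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("lxc.cgroup."):
            # Collapse runs of whitespace so the rule check sees one canonical form.
            entries.append((key[len("lxc.cgroup."):], " ".join(value.split())))
    return entries

def to_cgroup_file(entries):
    """Render the per-container 'cgroup' file: key=value, no spaces around '='."""
    return "".join(f"{key}={value}\n" for key, value in entries)

def audit_device_rules(entries):
    """Return findings if the device rules are not a default-deny whitelist."""
    findings = []
    devices = [(k, v) for k, v in entries if k.startswith("devices.")]
    if not devices or devices[0] != ("devices.deny", "a"):
        findings.append("first devices entry is not 'devices.deny = a'")
    for key, value in devices:
        if value == "a":
            if key == "devices.allow":
                findings.append("'devices.allow = a' re-opens every device")
        elif not RULE.match(value):
            findings.append(f"malformed rule: {key} = {value}")
    return findings

if __name__ == "__main__":
    entries = parse_cgroup_entries(SAMPLE_CONF)
    print(to_cgroup_file(entries), end="")
    print(audit_device_rules(entries) or "device whitelist OK")
```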