<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div dir="ltr" id="yui_3_16_0_1_1425530844351_44375"><span>Thanks ,</span></div><div dir="ltr" id="yui_3_16_0_1_1425530844351_44373"><span id="yui_3_16_0_1_1425530844351_44372">I am able to create nested containers. I want the children to inherit the limits of parent container. I am able to do it in cgroups. But in containers i am not able to. Example in cgroups, used the </span><span style="font-family: 'Courier New'; white-space: pre-wrap;" class="" id="yui_3_16_0_1_1425530844351_44414">memory.use_hierarchy option and contained the cgroups.</span></div><div dir="ltr" id="yui_3_16_0_1_1425530844351_44373"><span style="font-family: 'Courier New'; white-space: pre-wrap;" class=""><br></span></div><br>  <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_1_1425530844351_44291"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_1_1425530844351_44290"> <div dir="ltr" id="yui_3_16_0_1_1425530844351_44369"> <hr size="1">  <font size="2" face="Arial" id="yui_3_16_0_1_1425530844351_44368"> <b><span style="font-weight:bold;">From:</span></b> Fajar A. Nugraha <list@fajar.net><br> <b><span style="font-weight: bold;">To:</span></b> LXC users mailing-list <lxc-users@lists.linuxcontainers.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, March 4, 2015 2:44 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [lxc-users] nested containers<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_1_1425530844351_44289"><br>On Wed, Mar 4, 2015 at 12:15 PM, Mohan G <<a shape="rect" ymailto="mailto:mohan_gg@yahoo.com" href="mailto:mohan_gg@yahoo.com">mohan_gg@yahoo.com</a>> wrote:<div class="qtdSeparateBR"><br><br></div><div class="yqt7782023329" id="yqtfd60307"><br clear="none">> Hi,<br clear="none">> Is there anyway we can have nested containers/cgroups. One parent container<br clear="none">> forming the basis for children containers. i.e subset of parent container.</div><br clear="none"><br clear="none">Yes.<br clear="none"><br clear="none">On parent container config (in ubuntu), add this:<br clear="none">lxc.aa_profile=lxc-container-default-with-nesting<br clear="none"><br clear="none">And then on that container, you can create containers<br clear="none"><br clear="none">utopic ~ # lxc-ls -f --running<br clear="none">NAME  STATE    IPV4                       IPV6  GROUPS  AUTOSTART<br clear="none">-----------------------------------------------------------------<br clear="none">v     RUNNING  10.0.3.1, 192.168.124.173  -     -       NO<br clear="none"><br clear="none">utopic ~ # lxc-attach -n v<br clear="none"><br clear="none"><a shape="rect" ymailto="mailto:root@v" href="mailto:root@v">root@v</a>:~#<br clear="none"><br clear="none"><a shape="rect" ymailto="mailto:root@v" href="mailto:root@v">root@v</a>:~# cat /proc/1/cgroup<br clear="none">12:name=systemd:/lxc/v<br clear="none">11:perf_event:/lxc/v<br clear="none">10:net_prio:/lxc/v<br clear="none">9:net_cls:/lxc/v<br clear="none">8:memory:/lxc/v<br clear="none">7:hugetlb:/lxc/v<br clear="none">6:freezer:/lxc/v<br clear="none">5:devices:/lxc/v<br clear="none">4:cpuset:/lxc/v<br clear="none">3:cpuacct:/lxc/v<br clear="none">2:cpu:/lxc/v<br clear="none">1:blkio:/lxc/v<br clear="none"><br clear="none"><a shape="rect" ymailto="mailto:root@v" href="mailto:root@v">root@v</a>:~# lxc-create -t download -n nv -- -d ubuntu -r vivid -a amd64<br clear="none">Using image from local cache<br clear="none">Unpacking the rootfs<br clear="none"><br clear="none">---<br clear="none">You just created an Ubuntu container (release=vivid, arch=amd64,<br clear="none">variant=default)<br clear="none"><br clear="none">To enable sshd, run: apt-get install openssh-server<br clear="none"><br clear="none">For security reason, container images ship without user accounts<br clear="none">and without a root password.<br clear="none"><br clear="none">Use lxc-attach or chroot directly into the rootfs to set a root password<br clear="none">or create user accounts.<br clear="none"><br clear="none"><a shape="rect" ymailto="mailto:root@v" href="mailto:root@v">root@v</a>:~# lxc-start -n nv<br clear="none"><br clear="none"><a shape="rect" ymailto="mailto:root@v" href="mailto:root@v">root@v</a>:~# lxc-ls -f --running<br clear="none">NAME  STATE    IPV4        IPV6  GROUPS  AUTOSTART<br clear="none">--------------------------------------------------<br clear="none">nv    RUNNING  10.0.3.249  -     -       NO<br clear="none"><br clear="none"><br clear="none"><br clear="none">Now run a process inside the nested container<br clear="none"><br clear="none"><a shape="rect" ymailto="mailto:root@v" href="mailto:root@v">root@v</a>:~# lxc-attach -n nv -- cat /proc/1/cgroup<br clear="none">12:name=systemd:/lxc/v/lxc/nv<br clear="none">11:perf_event:/lxc/v/lxc/nv<br clear="none">10:net_prio:/lxc/v/lxc/nv<br clear="none">9:net_cls:/lxc/v/lxc/nv<br clear="none">8:memory:/lxc/v/lxc/nv<br clear="none">7:hugetlb:/lxc/v/lxc/nv<br clear="none">6:freezer:/lxc/v/lxc/nv<br clear="none">5:devices:/lxc/v/lxc/nv<br clear="none">4:cpuset:/lxc/v/lxc/nv<br clear="none">3:cpuacct:/lxc/v/lxc/nv<br clear="none">2:cpu:/lxc/v/lxc/nv<br clear="none">1:blkio:/lxc/v/lxc/nv<br clear="none"><br clear="none">Note how the cgroup is nested<br clear="none"><br clear="none">-- <br clear="none">Fajar<br clear="none">_______________________________________________<br clear="none">lxc-users mailing list<br clear="none"><a shape="rect" ymailto="mailto:lxc-users@lists.linuxcontainers.org" href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br clear="none"><a shape="rect" href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br><br></div> </div> </div>  </div></body></html>