[lxc-devel] lxc and cgroup

Daniel Lezcano daniel.lezcano at free.fr
Thu May 7 11:40:14 UTC 2009


Hi Michael,

I saw your question about the cgroup on the IRC channel.

<mkj_wk> dlezcano: question about lxc-cgroup...
<mkj_wk> we probably want to use the define whitelist (as discussed on 
#lxcontainers) and I want that to take effect immediately on starting 
the container
<mkj_wk> will lxc-cgroup store the values set for a named container 
before starting it, and make them effective as part of lxc-init?
<mkj_wk> I'm asking because the man page says "when the container is 
running" which makes me worry about race conditions...
<mkj_wk> especially since we're trying to avoid unintended consequences 
from actions inside the container :)

You can specify the cgroup values in the configuration file like this:

lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/pts/* and /dev/ptmx
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

Or, if you wish, you can hack a container already created by adding the 
'cgroup' file in the configuration tree of lxc in 
/var/lib/lxc/mycontainer with the following format (exactly this format, 
no space).

devices.deny=a
devices.allow=c 1:3 rwm
devices.allow=c 1:5 rwm
devices.allow=c 5:1 rwm
devices.allow=c 5:0 rwm
devices.allow=c 4:0 rwm
devices.allow=c 4:1 rwm
devices.allow=c 1:9 rwm
devices.allow=c 1:8 rwm
devices.allow=c 136:* rwm
devices.allow=c 5:2 rwm
devices.allow=c 254:0 rwm

You have an example of the configuration file in the lxc-debian script.

This way, you can specify any control group value, priority, cpuset, etc.
Having these values in the configuration will make your container 
start up with these values set, ensuring you won't have a race condition 
between the application startup and the setting of the container.

At runtime, you can modify these values for the container with the 
lxc-cgroup command, which does not affect the configuration; I mean, if 
you restart the container, the cgroup values will be set to the default 
specified in the configuration file.

Hope that answers your question :)

Thanks.
  -- Daniel
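
An added example, not part of the original message or of the lxc code base: a small checker that reads the lxc.cgroup.* lines from a configuration file, confirms the device whitelist begins with "deny a" and that no later allow rule re-opens everything, and emits the equivalent 'cgroup' file. The function names and the sample configuration are constructed for illustration; "no space" is assumed to mean no spaces around the '='.

```python
import re

# Constructed sample input, modelled on the configuration in the message.
SAMPLE_CONFIG = """\
lxc.utsname = mycontainer
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 136:* rwm
"""

# A devices rule is either "a" (everything) or "<type> <major>:<minor> <access>".
RULE = re.compile(r"^(a|[abc] (\d+|\*):(\d+|\*) [rwm]{1,3})$")

def cgroup_settings(config_text):
    """Return (key, value) pairs for every lxc.cgroup.* line, in file order."""
    out = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("lxc.cgroup."):
            out.append((key[len("lxc.cgroup."):], value))
    return out

def to_cgroup_file(settings):
    """Render the settings in the key=value form of the 'cgroup' file."""
    return "".join(f"{key}={value}\n" for key, value in settings)

def audit_device_whitelist(settings):
    """Return a list of findings; an empty list means the whitelist is sound."""
    findings = []
    dev = [(k, v) for k, v in settings if k in ("devices.allow", "devices.deny")]
    # Rules apply in order, so the whitelist must open by denying everything.
    if not dev or dev[0] != ("devices.deny", "a"):
        findings.append("first devices rule is not 'devices.deny = a'")
    for key, value in dev:
        if not RULE.match(value):
            findings.append(f"malformed rule: {key} = {value}")
            continue
        fields = value.split()
        if key == "devices.allow" and (fields[0] == "a" or fields[1] == "*:*"):
            findings.append(f"allow rule is not a whitelist entry: {value}")
    return findings
```

Running the audit on the file the container will actually start from checks the values that are set at startup, as opposed to values applied later with lxc-cgroup.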



