[lxc-devel] [patch 0/4][resend] fuse-procfs: overlap /proc with a fuse-procfs
daniel.lezcano at free.fr
Fri Sep 4 16:25:56 UTC 2009
This patchset implements a fuse filesystem to overlap the /proc, so we
can hide or hook a file content. This is useful for consolidating the
container vision with the system when some resources are changed for
The /proc overlap is splitted into 3 features:
* proxy the file : display real content
* shadow the file : hide the file
* mirror the file : change the content
By default the files are proxied, so there is no specific processing
on this file and they are showed as they are really.
The patchset was written to be extended easily. There is some overhead comparing
a direct access to the real /proc, but we don't have something without anything ;)
The next difficulty will be to have just one daemon running on the machine,
and having several containers using its services.
This code is *not* intended to be integrated to lxc, at least under this form,
fuse is too heavy and forks too much, for this reason a single daemon on the
host is better.
make procfs CFLAGS="-g -D_FILE_OFFSET_BITS=64 -DFUSE_USE_VERSION=27 -D_GNU_SOURCE" LDFLAGS="-lfuse"
lxc-execute -n foo /bin/bash
(with the shell in the container):
procfs -o direct_io /tmp/<tmpdir>
mount --bind /tmp/<tmpdir> /proc
echo 268435456 > /cgroup/toto/memory.memsw.limit_in_bytes
echo 268435456 > /cgroup/toto/memory.limit_in_bytes
We have to do that in two steps because fuse code looks at /proc when it initializes.
The fuse-procfs does not support default values when the memory has not been set.
* before exiting the container:
fusermount -u /tmp/<tmpfile>
ps : the kernel should have
If you do 'ls /proc', you should see everything expect the /proc/sys directory.
If you do 'cat /proc/meminfo', you should see:
MemTotal: 262144 kB
MemFree: 250684 kB
SwapTotal: 262144 kB
SwapFree: 0 kB
The top command is not working well because there is a little bug when
seeking a file.
More information about the lxc-devel