[lxc-devel] [PATCH 1/5] cgroup: minor bugfixes so start and attach work again
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Aug 21 12:42:34 UTC 2013
Quoting Christian Seiler (christian at iwakd.de):
...
> If I think about that further, I think the initial bind-mount logic is
> already borked. Because if nested LXC breaks in such a way, so will
> many software that uses cgroups and relies on standard behaviour.
>
> I think the correct way for the mountcgroups hook is to do the
> following:
>
> Suppose the container has the cgroup /lxc/foo/foo and we just have the
> 'cpu' controller available.
>
> Initially, /sys/fs/cgroup will be a tmpfs and /sys/fs/cgroup/cpu will
> contain the cpu controller.
>
> LXC recursively creates /sys/fs/cgroup/cpu/lxc/foo. It then runs the
> mountcgroups hook.
>
> The mountcgroups hook should now mount a new tmpfs in
> $containerroot/sys/fs/cgroup. It should then create the directories
> for the controllers but *also* subdirectories for the cgroup of the
> containers, i.e.
>
> mount -t tmpfs none $containerroot/sys/fs/cgroup
> mkdir -p $containerroot/sys/fs/cgroup/cpu/lxc/foo
> mount -n --bind /sys/fs/cgroup/cpu/lxc/foo \
> $containerroot/sys/fs/cgroup/cpu/lxc/foo
I've thought about that (and mentioned it on the list, somewhere...),
and previously rejected it. I don't remember what my biggest complaint
was, though, odd.
If we're going to do this, we should do it soon. Would you have time
in the next few days?
(BTW, if we're going to throw words like b0rked around, I'd prefer to
reserve that for the refusal to implement fake-root in cgroups itself
which would allow us to ignore this by treating ourselves as really
being inside '/')
-serge
More information about the lxc-devel
mailing list