[lxc-devel] Fwd: [PATCH] add comments about running unconfined or nesting containers back to ubuntu.common.conf

S.Çağlar Onur caglar at 10ur.org
Thu Dec 12 18:14:41 UTC 2013


Hi Serge,

On Tue, Dec 10, 2013 at 2:41 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting S.Çağlar Onur (caglar at 10ur.org):
>> Hi,
>>
>> On Mon, Dec 9, 2013 at 4:44 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
>> > On Mon, Dec 09, 2013 at 04:29:11PM -0500, S.Çağlar Onur wrote:
>> >> [Forwarding to new lxc-devel as I replied to old sf list]
>> >>
>> >>
>> >> ---------- Forwarded message ----------
>> >> From: S.Çağlar Onur <caglar at 10ur.org>
>> >> Date: Mon, Dec 9, 2013 at 4:26 PM
>> >> Subject: Re: [lxc-devel] [PATCH] add comments about running unconfined
>> >> or nesting containers back to ubuntu.common.conf
>> >> To: Stéphane Graber <stgraber at ubuntu.com>
>> >> Cc: lxc-devel at lists.sourceforge.net
>> >>
>> >>
>> >> Hi Stéphane,
>> >>
>> >> On Mon, Dec 9, 2013 at 3:04 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
>> >> > On Sat, Dec 07, 2013 at 06:04:10PM -0500, S.Çağlar Onur wrote:
>> >> >> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
>> >> >
>> >> > I'll reword the comment a bit to let them know to copy/paste the comment
>> >> > to the container's config instead of changing it in the common file
>> >> > which would get overwritten on upgrade and would also affect all
>> >> > containers.
>> >>
>> >> Thanks for doing that.
>> >>
>> >> On a separate note, it looks like /usr/share/lxc/hooks/mountcgroups
>> >> hook seems to have some issues (but couldn't find some time to debug
>> >> further). I migrated my nested containers to the new style config
>> >> (that's how I realized those comments are gone :P) but now the first
>> >> start is always failing with "lxc-start: command get_cgroup failed to
>> >> receive response" error and one after just works.
>> >
>> > Yeah, I've noticed that too... it seems to be related to the way LXC
>> > sets up its cgroups. I believe I mentioned some issues like that to
>> > Serge a while back but it's not very high on the todo since our goal is
>> > to instead have LXC use the new cgroup manager and deprecate that hook
>> > entirely by the time 1.0 is out.
>>
>> Oh I wasn't aware of you planning to finish cgmanager before 1.0,
>> that's great news!
>
> Currently create, chown, getvalue, getpidcgroup, and movepid work, on
> host and in user namespaces.  I'll implement setvalue today.  I need to
> write a proxy to send scm creds for unprivileged users in non-init
> pidns.  Then I'll need to think on whether to keep the current
> get/setvalue behavior - which accept the filename and values directly -
> or put in a slight abstraction (i.e. 'memory limit:x').
>
> Then we're ready to start testing lxc against it.

That is really exciting news.

> In the meantime, if you see the problem with the existing cgroup code, a
> patch is of course very welcome :)

Will try to do that as soon as I find some free time to work on it :)

> thanks,
> -serge
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

Best,
-- 
S.Çağlar Onur <caglar at 10ur.org>

