[lxc-devel] [RFC PATCH 0/1] allow setting cgroup items before the cgroup is entered

Dwight Engen dwight.engen at oracle.com
Mon May 13 21:15:49 UTC 2013


Hi,

I tried to put lxc.cgroup.memory.kmem.limit_in_bytes = 4194304 in a
config file to test forkbomb prevention. The problem with this is that
kmem.limit_in_bytes (per the kernel documentation) "cannot be set if
the cgroup have children, or if there are already tasks in the cgroup".
Currently, lxc does lxc_cgroup_enter() before doing setup_cgroup() in
the lxc_spawn() flow and therefore gets -EBUSY.

Commit 544a48a0 leads me to believe that we don't want to move
setup_cgroup() earlier, so I've refactored it to create an additional
setup_cgroup_pre_enter() that gets called before lxc_cgroup_enter().
Currently it only writes kmem.limit_in_bytes; if there are other items
that need to be set up pre-enter, they could easily be added to the
list. This fixes the problem for me. I think we are trying to keep lxc
from knowing about specific cgroup control knobs, but I have not
thought of another way to do this. Thoughts?
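
Added example, not part of the original post and not lxc code: a small C model of the ordering problem described above, showing the -EBUSY when every item is written after the task has entered the cgroup, and success when a listed knob is written first. `model_cgroup`, `pre_enter_keys`, `apply` and `spawn_model` are hypothetical names, the kernel rule is modeled for tasks only (not child cgroups), and the `memory.limit_in_bytes` value is constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a memory cgroup; not a kernel or lxc structure. */
struct model_cgroup { int ntasks; long long kmem_limit, mem_limit; };
struct item { const char *key, *value; };

/* Hypothetical list of knobs that must be written while the cgroup is empty. */
static const char *pre_enter_keys[] = { "memory.kmem.limit_in_bytes" };

static int is_pre_enter(const char *key) {
    for (size_t i = 0; i < sizeof(pre_enter_keys) / sizeof(*pre_enter_keys); i++)
        if (strcmp(key, pre_enter_keys[i]) == 0) return 1;
    return 0;
}

/* Models the quoted rule: the kmem limit is refused once tasks are present. */
static int model_write(struct model_cgroup *cg, const struct item *it) {
    if (strcmp(it->key, "memory.kmem.limit_in_bytes") == 0) {
        if (cg->ntasks > 0) return -EBUSY;
        cg->kmem_limit = atoll(it->value);
        return 0;
    }
    if (strcmp(it->key, "memory.limit_in_bytes") != 0) return -ENOENT;
    cg->mem_limit = atoll(it->value);
    return 0;
}

/* want: 1 = pre-enter items only, 0 = the rest, -1 = all items in config order. */
static int apply(struct model_cgroup *cg, const struct item *it, size_t n, int want) {
    int ret = 0;
    for (size_t i = 0; i < n && ret == 0; i++)
        if (want < 0 || is_pre_enter(it[i].key) == want)
            ret = model_write(cg, &it[i]);
    return ret;
}

/* split = 0: enter first, then write everything; split = 1: two-phase setup. */
int spawn_model(int split, struct model_cgroup *cg) {
    static const struct item conf[] = {
        { "memory.limit_in_bytes", "268435456" },    /* constructed value */
        { "memory.kmem.limit_in_bytes", "4194304" }, /* value from the post */
    };
    int ret = 0;
    *cg = (struct model_cgroup){ 0, -1, -1 };
    if (split && (ret = apply(cg, conf, 2, 1)) < 0) return ret;
    cg->ntasks++;   /* the container's first task enters the cgroup */
    return apply(cg, conf, 2, split ? 0 : -1);
}
```

In the enter-first order the ordinary memory limit is still applied before the failure, so the model ends with a task inside a cgroup that has no kernel-memory limit, which is the state the forkbomb test was meant to rule out.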



