[lxc-devel] [PATCH] set non device cgroup items before the cgroup is entered

Serge Hallyn serge.hallyn at ubuntu.com
Thu May 16 02:11:29 UTC 2013 

Quoting Dwight Engen (dwight.engen at oracle.com):
> This allows some special cgroup items such as memory.kmem.limit_in_bytes
> to be successfully set, since they must be set before any task is put
> into the cgroup.
> 
> The devices cgroup is setup later giving the container a chance to mount
> file systems before the device it might want to mount from becomes
> unavailable.
> 
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

thanks, Dwight.

-serge

> ---
>  src/lxc/conf.c  | 25 +++++++++++++++++++------
>  src/lxc/conf.h  |  3 +--
>  src/lxc/start.c | 10 +++++++---
>  3 files changed, 27 insertions(+), 11 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 746a2db..9877cc3 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -1401,7 +1401,8 @@ static int setup_kmsg(const struct lxc_rootfs *rootfs,
>  	return 0;
>  }
>  
> -int setup_cgroup(const char *cgpath, struct lxc_list *cgroups)
> +static int _setup_cgroup(const char *cgpath, struct lxc_list *cgroups,
> +			  int devices)
>  {
>  	struct lxc_list *iterator;
>  	struct lxc_cgroup *cg;
> @@ -1411,13 +1412,15 @@ int setup_cgroup(const char *cgpath, struct lxc_list *cgroups)
>  		return 0;
>  
>  	lxc_list_for_each(iterator, cgroups) {
> -
>  		cg = iterator->elem;
>  
> -		if (lxc_cgroup_set_bypath(cgpath, cg->subsystem, cg->value)) {
> -			ERROR("Error setting %s to %s for %s\n", cg->subsystem,
> -				cg->value, cgpath);
> -			goto out;
> +		if (devices == !strncmp("devices", cg->subsystem, 7)) {
> +			if (lxc_cgroup_set_bypath(cgpath, cg->subsystem,
> +			    cg->value)) {
> +				ERROR("Error setting %s to %s for %s\n",
> +				      cg->subsystem, cg->value, cgpath);
> +				goto out;
> +			}
>  		}
>  
>  		DEBUG("cgroup '%s' set to '%s'", cg->subsystem, cg->value);
> @@ -1429,6 +1432,16 @@ out:
>  	return ret;
>  }
>  
> +int setup_cgroup_devices(const char *cgpath, struct lxc_list *cgroups)
> +{
> +	return _setup_cgroup(cgpath, cgroups, 1);
> +}
> +
> +int setup_cgroup(const char *cgpath, struct lxc_list *cgroups)
> +{
> +	return _setup_cgroup(cgpath, cgroups, 0);
> +}
> +
>  static void parse_mntopt(char *opt, unsigned long *flags, char **data)
>  {
>  	struct mount_opt *mo;
> diff --git a/src/lxc/conf.h b/src/lxc/conf.h
> index 465b1ec..8180e18 100644
> --- a/src/lxc/conf.h
> +++ b/src/lxc/conf.h
> @@ -287,6 +287,7 @@ struct lxc_conf {
>  int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf);
>  
>  extern int setup_cgroup(const char *cgpath, struct lxc_list *cgroups);
> +extern int setup_cgroup_devices(const char *cgpath, struct lxc_list *cgroups);
>  extern int detect_shared_rootfs(void);
>  
>  /*
> @@ -313,8 +314,6 @@ extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);
>  extern int lxc_clear_mount_entries(struct lxc_conf *c);
>  extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
>  
> -extern int setup_cgroup(const char *name, struct lxc_list *cgroups);
> -
>  extern int uid_shift_ttys(int pid, struct lxc_conf *conf);
>  
>  /*
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index fd96d4f..cf5f9bd 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -809,6 +809,11 @@ int lxc_spawn(struct lxc_handler *handler)
>  	if ((handler->cgroup = lxc_cgroup_path_create(NULL, name)) == NULL)
>  		goto out_delete_net;
>  
> +	if (setup_cgroup(handler->cgroup, &handler->conf->cgroup)) {
> +		ERROR("failed to setup the cgroups for '%s'", name);
> +		goto out_delete_net;
> +	}
> +
>  	if (lxc_cgroup_enter(handler->cgroup, handler->pid) < 0)
>  		goto out_delete_net;
>  
> @@ -839,12 +844,11 @@ int lxc_spawn(struct lxc_handler *handler)
>  	if (lxc_sync_barrier_child(handler, LXC_SYNC_POST_CONFIGURE))
>  		goto out_delete_net;
>  
> -	if (setup_cgroup(handler->cgroup, &handler->conf->cgroup)) {
> -		ERROR("failed to setup the cgroups for '%s'", name);
> +	if (setup_cgroup_devices(handler->cgroup, &handler->conf->cgroup)) {
> +		ERROR("failed to setup the devices cgroup for '%s'", name);
>  		goto out_delete_net;
>  	}
>  
> -
>  	/* Tell the child to complete its initialization and wait for
>  	 * it to exec or return an error.  (the child will never
>  	 * return LXC_SYNC_POST_CGROUP+1.  It will either close the
> -- 
> 1.8.1.4
>

More information about the lxc-devel mailing list