[lxc-devel] [lxc/lxc] 5d8976: cgmanager: implement attach

GitHub noreply at github.com
Fri Jan 31 10:34:21 UTC 2014


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 5d89765574f559de43a96ab5a59475bf1b6f991d
      https://github.com/lxc/lxc/commit/5d89765574f559de43a96ab5a59475bf1b6f991d
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-01-31 (Fri, 31 Jan 2014)

  Changed paths:
    M src/lxc/attach.c
    M src/lxc/cgmanager.c
    M src/lxc/cgroup.c
    M src/lxc/cgroup.h
    M src/lxc/utils.c
    M src/lxc/utils.h

  Log Message:
  -----------
  cgmanager: implement attach

The cgroupfs-specific code is moved from attach.c to cgroup.c.

lxc-cgmanager now only chgrps the container's cgroup, so that the
unprivileged user still owns the tasks file allowing him to enter
the container cgroup (for attach).

Some other changes rolled into the cgmanager update:

Make the list of subsystems not per-handler, as it will not change.  As
a result, the only state we need to keep in the per-handler cgroup data
is the char *cgroup_path, so we can drop the cgm_data struct altogether.

Catch nih errors (as not doing so causes later crashes).

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: c476bdce46f5fd8e9ee261e40c86988211cbc278
      https://github.com/lxc/lxc/commit/c476bdce46f5fd8e9ee261e40c86988211cbc278
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-01-31 (Fri, 31 Jan 2014)

  Changed paths:
    M src/lxc/attach.c
    M src/lxc/bdev.c
    M src/lxc/cgmanager.c
    M src/lxc/cgroup.c
    M src/lxc/cgroup.h
    M src/lxc/conf.c
    M src/lxc/lxccontainer.c
    M src/lxc/start.c
    M src/lxc/utils.c
    M src/lxc/utils.h

  Log Message:
  -----------
  cgmanager: support lxc.mount.auto = cgroup

If it (or any variation thereof) is in the container configuration,
then mount /sys/fs/cgroup/cgmanager.lower (if it exists) or
/sys/fs/cgroup/cgmanager into the container so it can run a
cgproxy.

Also make sure to clear our groups when we start or attach to a
container.  Else with unprivileged containers we end up with
lots of nogroups listed in /proc/1/status.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: ecfcb3f00a93695b03f790e3ba05896847d5bd1e
      https://github.com/lxc/lxc/commit/ecfcb3f00a93695b03f790e3ba05896847d5bd1e
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-01-31 (Fri, 31 Jan 2014)

  Changed paths:
    M src/lxc/cgmanager.c
    M src/lxc/cgroup.c
    M src/lxc/cgroup.h
    M src/lxc/commands.c

  Log Message:
  -----------
  cgroup: change unfreeze_fromhandler to return bool

To be more consistent with other cgroup_ops methods, in the hopes
of having less return-value-related mixups.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 58ab99ae4b96d5d63f607d178f9490d631c9c921
      https://github.com/lxc/lxc/commit/58ab99ae4b96d5d63f607d178f9490d631c9c921
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-01-31 (Fri, 31 Jan 2014)

  Changed paths:
    M src/lxc/cgmanager.c
    M src/lxc/conf.c

  Log Message:
  -----------
  specify mode whenever mounting tmpfs

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/d46417540f61...58ab99ae4b96


More information about the lxc-devel mailing list