[lxc-devel] [PATCH 1/1] Remove mention of mountcgroups in ubuntu.common config

Stéphane Graber stgraber at ubuntu.com
Thu Jul 17 22:30:55 UTC 2014 

On Thu, Jul 17, 2014 at 10:21:31PM +0000, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgraber at ubuntu.com):
> > On Thu, Jul 17, 2014 at 02:08:59PM +0000, Serge Hallyn wrote:
> > > That mount hook predates the lxc.mount.auto = cgroup option.  So mention
> > > that instead.
> > > 
> > > Perhaps we should simply drop the mountcgroup hook from the tree, but
> > > I'm not doing that in this patch.
> > > 
> > > (This addresses https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1342960)
> > > 
> > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> > 
> > Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> > 
> > And unless someone strongly feels otherwise, I'd +1 the removal of the
> > hook from the tree too.
> 
> Ok, let's do it then:
> 
> 
> Subject: [PATCH 1/1] remove mountcgroup hook entirely
> 
> Also fix the comment in lxc-cirros template (which I overlooked last time).
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  hooks/Makefile.am       |  1 -
>  hooks/mountcgroups      | 69 -------------------------------------------------
>  templates/lxc-cirros.in |  2 +-
>  3 files changed, 1 insertion(+), 71 deletions(-)
>  delete mode 100755 hooks/mountcgroups
> 
> diff --git a/hooks/Makefile.am b/hooks/Makefile.am
> index 64bb26b..be55601 100644
> --- a/hooks/Makefile.am
> +++ b/hooks/Makefile.am
> @@ -2,7 +2,6 @@ hooksdir=@LXCHOOKDIR@
>  
>  hooks_SCRIPTS = \
>  	clonehostname \
> -	mountcgroups \
>  	mountecryptfsroot \
>  	ubuntu-cloud-prep \
>  	squid-deb-proxy-client
> diff --git a/hooks/mountcgroups b/hooks/mountcgroups
> deleted file mode 100755
> index 073929c..0000000
> --- a/hooks/mountcgroups
> +++ /dev/null
> @@ -1,69 +0,0 @@
> -#!/bin/bash
> -
> -# (C) Copyright Canonical 2011,2012
> -
> -# This library is free software; you can redistribute it and/or
> -# modify it under the terms of the GNU Lesser General Public
> -# License as published by the Free Software Foundation; either
> -# version 2.1 of the License, or (at your option) any later version.
> -
> -# This library is distributed in the hope that it will be useful,
> -# but WITHOUT ANY WARRANTY; without even the implied warranty of
> -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> -# Lesser General Public License for more details.
> -
> -# You should have received a copy of the GNU Lesser General Public
> -# License along with this library; if not, write to the Free Software
> -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> -
> -#
> -# This is an example hook to mount all mounted cgroups in the
> -# container.  Only the container's own cgroup (not parents) will be
> -# accessible to the container.  You can enable this by adding
> -# lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
> -# to your container's configuration file.
> -
> -set -e
> -
> -c=$1
> -configfile=$LXC_CONFIG_FILE
> -d=/sys/fs/cgroup
> -d2=$LXC_ROOTFS_MOUNT/${d}
> -# name lxc hook lxcpath
> -lxcpath=$4
> -if [ ! -d "$d" ]; then
> -    exit 0
> -fi
> -
> -mount -n -t tmpfs tmpfs ${d2}
> -
> -do_devices_setup() {
> -    local devdir="$1"
> -    local c="$2"
> -    local line
> -    local w  # which (allow or deny)
> -    local v  # value
> -    # lxc.include provides common configuration options
> -    local commonconfigfile=$(egrep "^lxc.include[ \t]*=" ${configfile} | awk -F= '{ print $2 }')
> -    cat ${configfile} ${commonconfigfile} | egrep "^lxc.cgroup.devices.(allow|deny)[ \t]*=" | while read line; do
> -        w=`echo $line | awk -F. '{ print $4 }' | awk '{ print $1 }'`
> -        v=`echo $line | awk -F= '{ print $2 }'`
> -        echo "$v" >> "$devdir"/devices.$w
> -    done
> -}
> -
> -# XXX TODO - we'll need to account for other cgroup groups beside 'lxc',
> -# i.e. 'build' or 'users/joe'.
> -for dir in `/bin/ls $d`; do
> -    if [ "$dir" = "devices" ]; then
> -        devicesdir="${d}/${dir}/lxc/${c}"
> -        mkdir -p "$devicesdir"
> -        # set the devices cgroup perms now - we can't change from blacklist to
> -        # whitelist, or add perms, once we have children.
> -        do_devices_setup "$devicesdir" "${c}"
> -    fi
> -    mkdir -p "${d}/${dir}/lxc/${c}/${c}.real"
> -    echo 1 > "${d}/${dir}/lxc/${c}/${c}.real/tasks"
> -    mkdir -p ${d2}/${dir}
> -    mount -n --bind "${d}/${dir}/lxc/${c}/${c}.real" "${d2}/${dir}"
> -done
> diff --git a/templates/lxc-cirros.in b/templates/lxc-cirros.in
> index 986b2b1..24b9210 100644
> --- a/templates/lxc-cirros.in
> +++ b/templates/lxc-cirros.in
> @@ -121,7 +121,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
>  #lxc.aa_profile = unconfined
>  # To support container nesting on an Ubuntu host, uncomment next two lines:
>  #lxc.aa_profile = lxc-container-default-with-nesting
> -#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
> +#lxc.mount.auto = cgroup
>  
>  lxc.cgroup.devices.deny = a
>  # Allow any mknod (but not using the node)
> -- 
> 1.9.1
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140718/3d9b1dd5/attachment.sig>

More information about the lxc-devel mailing list