[lxc-devel] [PATCH 1/1] Remove mention of mountcgroups in ubuntu.common config

Serge Hallyn serge.hallyn at ubuntu.com
Fri Jul 18 14:00:19 UTC 2014


Hi,

My guess is no, but mwarfield will be the best person to address this
(when he returns).

-serge

Quoting Jesse Tane (jesse.tane at gmail.com):
> Speaking of this, I've been using the (similar) hooks from here to get
> systemd working inside containers:
> 
> https://lists.linuxcontainers.org/pipermail/lxc-users/2014-May/007069.html
> 
> Is there any more official / recommended way of doing this yet? Otherwise
> lxc-start hangs at: 'Failed to mount cgroup at /sys/fs/cgroup/systemd:
> Permission denied'
> 
> 
> On Thu, Jul 17, 2014 at 6:30 PM, Stéphane Graber <stgraber at ubuntu.com>
> wrote:
> 
> > On Thu, Jul 17, 2014 at 10:21:31PM +0000, Serge Hallyn wrote:
> > > Quoting Stéphane Graber (stgraber at ubuntu.com):
> > > > On Thu, Jul 17, 2014 at 02:08:59PM +0000, Serge Hallyn wrote:
> > > > > That mount hook predates the lxc.mount.auto = cgroup option.  So mention
> > > > > that instead.
> > > > >
> > > > > Perhaps we should simply drop the mountcgroup hook from the tree, but
> > > > > I'm not doing that in this patch.
> > > > >
> > > > > (This addresses https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1342960)
> > > > >
> > > > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> > > >
> > > > Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> > > >
> > > > And unless someone strongly feels otherwise, I'd +1 the removal of the
> > > > hook from the tree too.
> > >
> > > Ok, let's do it then:
> > >
> > >
> > > Subject: [PATCH 1/1] remove mountcgroup hook entirely
> > >
> > > Also fix the comment in lxc-cirros template (which I overlooked last time).
> > >
> > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> >
> > Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> >
> > > ---
> > >  hooks/Makefile.am       |  1 -
> > >  hooks/mountcgroups      | 69
> > -------------------------------------------------
> > >  templates/lxc-cirros.in |  2 +-
> > >  3 files changed, 1 insertion(+), 71 deletions(-)
> > >  delete mode 100755 hooks/mountcgroups
> > >
> > > diff --git a/hooks/Makefile.am b/hooks/Makefile.am
> > > index 64bb26b..be55601 100644
> > > --- a/hooks/Makefile.am
> > > +++ b/hooks/Makefile.am
> > > @@ -2,7 +2,6 @@ hooksdir=@LXCHOOKDIR@
> > >
> > >  hooks_SCRIPTS = \
> > >       clonehostname \
> > > -     mountcgroups \
> > >       mountecryptfsroot \
> > >       ubuntu-cloud-prep \
> > >       squid-deb-proxy-client
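Review bot: Dropping `mountcgroups` from `hooks_SCRIPTS` means the script is no longer installed, but the commit message does not say what existing users should do if their container config enables it with `lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups` (the usage the hook's own header documents). Suggest adding a line to the commit message telling users to replace that entry with `lxc.mount.auto = cgroup`, as the template hunk in this patch does, so an upgrade does not leave configs pointing at a hook path that is no longer shipped.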
> > > diff --git a/hooks/mountcgroups b/hooks/mountcgroups
> > > deleted file mode 100755
> > > index 073929c..0000000
> > > --- a/hooks/mountcgroups
> > > +++ /dev/null
> > > @@ -1,69 +0,0 @@
> > > -#!/bin/bash
> > > -
> > > -# (C) Copyright Canonical 2011,2012
> > > -
> > > -# This library is free software; you can redistribute it and/or
> > > -# modify it under the terms of the GNU Lesser General Public
> > > -# License as published by the Free Software Foundation; either
> > > -# version 2.1 of the License, or (at your option) any later version.
> > > -
> > > -# This library is distributed in the hope that it will be useful,
> > > -# but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > -# Lesser General Public License for more details.
> > > -
> > > -# You should have received a copy of the GNU Lesser General Public
> > > -# License along with this library; if not, write to the Free Software
> > > -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> > 02110-1301 USA
> > > -
> > > -#
> > > -# This is an example hook to mount all mounted cgroups in the
> > > -# container.  Only the container's own cgroup (not parents) will be
> > > -# accessible to the container.  You can enable this by adding
> > > -# lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
> > > -# to your container's configuration file.
> > > -
> > > -set -e
> > > -
> > > -c=$1
> > > -configfile=$LXC_CONFIG_FILE
> > > -d=/sys/fs/cgroup
> > > -d2=$LXC_ROOTFS_MOUNT/${d}
> > > -# name lxc hook lxcpath
> > > -lxcpath=$4
> > > -if [ ! -d "$d" ]; then
> > > -    exit 0
> > > -fi
> > > -
> > > -mount -n -t tmpfs tmpfs ${d2}
> > > -
> > > -do_devices_setup() {
> > > -    local devdir="$1"
> > > -    local c="$2"
> > > -    local line
> > > -    local w  # which (allow or deny)
> > > -    local v  # value
> > > -    # lxc.include provides common configuration options
> > > -    local commonconfigfile=$(egrep "^lxc.include[ \t]*=" ${configfile}
> > | awk -F= '{ print $2 }')
> > > -    cat ${configfile} ${commonconfigfile} | egrep
> > "^lxc.cgroup.devices.(allow|deny)[ \t]*=" | while read line; do
> > > -        w=`echo $line | awk -F. '{ print $4 }' | awk '{ print $1 }'`
> > > -        v=`echo $line | awk -F= '{ print $2 }'`
> > > -        echo "$v" >> "$devdir"/devices.$w
> > > -    done
> > > -}
> > > -
> > > -# XXX TODO - we'll need to account for other cgroup groups beside 'lxc',
> > > -# i.e. 'build' or 'users/joe'.
> > > -for dir in `/bin/ls $d`; do
> > > -    if [ "$dir" = "devices" ]; then
> > > -        devicesdir="${d}/${dir}/lxc/${c}"
> > > -        mkdir -p "$devicesdir"
> > > -        # set the devices cgroup perms now - we can't change from
> > blacklist to
> > > -        # whitelist, or add perms, once we have children.
> > > -        do_devices_setup "$devicesdir" "${c}"
> > > -    fi
> > > -    mkdir -p "${d}/${dir}/lxc/${c}/${c}.real"
> > > -    echo 1 > "${d}/${dir}/lxc/${c}/${c}.real/tasks"
> > > -    mkdir -p ${d2}/${dir}
> > > -    mount -n --bind "${d}/${dir}/lxc/${c}/${c}.real" "${d2}/${dir}"
> > > -done
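Review bot: The commit message gives no rationale for why deleting this file is safe, and the script does more than mount. `do_devices_setup` writes the `lxc.cgroup.devices.(allow|deny)` entries into the devices cgroup, and the loop moves the task into `${c}.real` and bind-mounts only that directory so that, per the header comment, only the container's own cgroup (not parents) is accessible. Please state in the commit message whether `lxc.mount.auto = cgroup` gives the container the same restricted view, or what differs, so the removal is not read as a silent change in cgroup exposure.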
> > > diff --git a/templates/lxc-cirros.in b/templates/lxc-cirros.in
> > > index 986b2b1..24b9210 100644
> > > --- a/templates/lxc-cirros.in
> > > +++ b/templates/lxc-cirros.in
> > > @@ -121,7 +121,7 @@ lxc.cap.drop = sys_module mac_admin mac_override
> > sys_time
> > >  #lxc.aa_profile = unconfined
> > >  # To support container nesting on an Ubuntu host, uncomment next two
> > lines:
> > >  #lxc.aa_profile = lxc-container-default-with-nesting
> > > -#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
> > > +#lxc.mount.auto = cgroup
> > >
> > >  lxc.cgroup.devices.deny = a
> > >  # Allow any mknod (but not using the node)
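Review bot: On the added `#lxc.mount.auto = cgroup` line, the bare `cgroup` value leaves the access mode of the mounted hierarchy to LXC's default, and the nesting comment above it does not say what that is. Since this is the line users uncomment together with `lxc-container-default-with-nesting`, consider naming the intended mode explicitly or extending the comment to say what the container will be able to write to under /sys/fs/cgroup.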
> > > --
> > > 1.9.1
> > >
> > > _______________________________________________
> > > lxc-devel mailing list
> > > lxc-devel at lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-devel
> >
> > --
> > Stéphane Graber
> > Ubuntu developer
> > http://www.ubuntu.com