[lxc-devel] [PATCH 1/2] cgmanager: put unprivileged containers under $(curcgroup)/lxc/$(container0

Stéphane Graber stgraber at ubuntu.com
Mon Apr 6 15:49:08 UTC 2015 

On Tue, Mar 17, 2015 at 07:02:18PM -0500, serge at hallyn.com wrote:
> From: Serge Hallyn <serge.hallyn at ubuntu.com>
> 
> Currently if we are in /user.slice/user-1000.slice/session-c2.scope,
> and we start an unprivileged container t1, it will be in cgroup
> 3:memory:/user.slice/user-1000.slice/session-c2.scope/t1.  If
> we then do a 'lxc-cgroup -n t1 freezer.tasks', cgm_get will
> first switch to 3:memory:/user.slice/user-1000.slice/session-c2.scope
> then look up 't1's values.  The reasons for this are
> 
> 1. cgmanager get_value is relative to your own cgroup, so we need
> to be sure to be in t1's cgroup or an ancestor
> 2. we don't want to be in the container's cgroup bc it might freeze us.
> 
> But in Ubuntu 15.04 it was decided that
> 3:memory:/user.slice/user-1000.slice/session-c2.scope/tasks should
> not be writeable by the user, making this fail.
> 
> Therefore put all unprivileged cgroups under "lxc/%n".  That way
> the "lxc" cgroup should always be owned by the user so that he can
> enter.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/utils.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/lxc/utils.c b/src/lxc/utils.c
> index e66a01f..f4abe7d 100644
> --- a/src/lxc/utils.c
> +++ b/src/lxc/utils.c
> @@ -322,7 +322,7 @@ const char *lxc_global_config_value(const char *option_name)
>  		sprintf(user_config_path, "%s/.config/lxc/lxc.conf", user_home);
>  		sprintf(user_default_config_path, "%s/.config/lxc/default.conf", user_home);
>  		sprintf(user_lxc_path, "%s/.local/share/lxc/", user_home);
> -		user_cgroup_pattern = strdup("%n");
> +		user_cgroup_pattern = strdup("lxc/%n");
>  	}
>  	else {
>  		user_config_path = strdup(LXC_GLOBAL_CONF);
> -- 
> 1.7.9.5
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150406/627d457c/attachment.sig>

More information about the lxc-devel mailing list