[Lxc-users] restricting container visible cpus

Daniel Lezcano daniel.lezcano at free.fr
Mon Feb 1 20:57:22 UTC 2010


atp wrote:
> Daniel,
>
>   
>> I already proposed this approach but it was rightfully rejected. I think 
>> that will be a total mess to handle that from the kernel because if you 
>> add the cpus, after you will need the memory, the swap, hide the content 
>> of some files etc ...
>>     
>
>  Fair enough. I can see how it would be rejected. It was a quick and
> dirty hack to see if it would work. It also violates the principle of
> least surprise. My problem is that Java will "autotune" itself for 
> the number of cpus it can see. 
>
>   
>> For this reason, it was proposed to use a fuse filesystem on top of 
>> /proc to override the information, there is a prototype here:
>>
>> At present it overrides the /proc/meminfo and hide some files.
>> Adding /proc/cpuinfo is trivial.
>>
>> If you are interested, I can send you a tarball.
>>     
>
>  Yes please. I've never used fuse, so a pointer to an idiots guide would
> be handy. I'll see about adding /proc/cpuinfo. I'm guessing that the 
> fuse namespace runs in user space in the host, not the container, as it
> will need to access information  from cgroupfs. 
>   
It's for the moment very experimental, it's a prototype:
http://lxc.sourceforge.net/download/procfs/procfs.tar.gz

IMO, the code is easy to follow.

The fuse in mounted in the container but the code expect to share the 
rootfs.

That needs to be modified to support more files, to be configurable, run 
in a chrooted environment, etc ...

>> The sysfs per namespace is not yet merged. It was rejected because of 
>> some locking problem and because the sysfs itself does need some cleanup 
>> before adding the shadowing directories for the namespace, it's right 
>> now cleanup and pushed little by little. Be patient  :)
>>     
>
>   Can I help? 
>
>   
>> On the other side, the sysfs per namespace will only virtualize 
>> /sys/class/net so it will not give you the right informations for the cpu.
>>     
>
>   Is there a tarball or a repo I can pull from to add the cpu masking
> and give it a try?
>   

You can ask Eric Biederman <ebiederm at xmission.com> for that and for 
the status,

An entry point ;)
http://openvz.org/pipermail/devel/2009-January/016229.html

>   Is there a better mailing list to be asking these sorts of questions?
>   
You can try containers at lists.osdl.org, they are more focused on the 
kernel part, but if you want a big picture view, IMO it's better to ask 
here.

Thanks
  -- Daniel




More information about the lxc-users mailing list