[Lxc-users] restricting container visible cpus

[atp]

Hi,

   I'm looking at trying to restrict a container's view of the cpus
available on the system. I'm on fedora 12, with lxc-0.6.5-1.x86_64

Does anyone know if it is possible to restrict the containers view of
the number of cpus it has access to? Would the libvirt interface to 
lxc be able to do this? 

In other words, I'm looking to have the value of 
getconf _NPROCESSORS_CONF

return equal to the number of cpus in cpuset.cpus.

 From the config file.
lxc.utsname = test
lxc.tty = 4
lxc.cgroup.cpuset.cpus = 2
#lxc.cgroup.cpuset.cpu_exclusive = 1
lxc.network.type = veth

The container starts fine, and checking the host cgroup mount

[root at islab01 test]# cat /cgroup/test/cpuset.cpus 
2

Gives the expected answer. However inside the container, from both 
/proc/cpuinfo and "top", all the cpus appear to be visible. This is
a problem for me, as I have some java programs that detect the number
of cpus and spin off threads accordingly. 

The cpu_exclusive attribute doesn't seem to work too well as well.

[root at islab01 test]# lxc-start --name test
lxc-start: write /cgroup/test/cpuset.cpu_exclusive : Invalid argument
lxc-start: failed to setup the cgroups for 'test'
lxc-start: failed to setup the container

Andy


Andrew Phillips
Head of Systems

www.lmax.com 

Office: +44 203 1922509
Mobile: +44 (0)7595 242 900

LMAX | Level 2, Yellow Building | 1 Nicholas Road | London | W11 4AN




The information in this e-mail and any attachment is confidential and is intended only for the named recipient(s). The e-mail may not be disclosed or used by any person other than the addressee, nor may it be copied in any way. If you are not a named recipient please notify the sender immediately and delete any copies of this message. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Any view or opinions presented are solely those of the author and do not necessarily represent those of the company.