[Lxc-users] restricting container visible cpus

Serge E. Hallyn serue at us.ibm.com
Thu Jan 28 15:44:21 UTC 2010


Quoting atp (atp at lmax.com):
> Hi,
> 
>    I'm looking at trying to restrict a container's view of the cpus
> available on the system. I'm on fedora 12, with lxc-0.6.5-1.x86_64
> 
> Does anyone know if it is possible to restrict the containers view of
> the number of cpus it has access to? Would the libvirt interface to 
> lxc be able to do this? 
> 
> In other words, I'm looking to have the value of 
> getconf _NPROCESSORS_CONF
> 
> return equal to the number of cpus in cpuset.cpus.
> 
>  From the config file.
> lxc.utsname = test
> lxc.tty = 4
> lxc.cgroup.cpuset.cpus = 2
> #lxc.cgroup.cpuset.cpu_exclusive = 1
> lxc.network.type = veth
> 
> The container starts fine, and checking the host cgroup mount
> 
> [root at islab01 test]# cat /cgroup/test/cpuset.cpus 
> 2
> 
> Gives the expected answer. However inside the container, from both 
> /proc/cpuinfo and "top", all the cpus appear to be visible. This is
> a problem for me, as I have some java programs that detect the number
> of cpus and spin off threads accordingly. 
> 
> The cpu_exclusive attribute doesn't seem to work too well as well.
> 
> [root at islab01 test]# lxc-start --name test
> lxc-start: write /cgroup/test/cpuset.cpu_exclusive : Invalid argument
> lxc-start: failed to setup the cgroups for 'test'
> lxc-start: failed to setup the container

Sounds like a call for another extension to Daniel's FUSE layer
to mount over /proc  :)

-serge




More information about the lxc-users mailing list