[Lxc-users] restricting container visible cpus
Serge E. Hallyn
serue at us.ibm.com
Thu Jan 28 15:44:21 UTC 2010
Quoting atp (atp at lmax.com):
> I'm looking at trying to restrict a container's view of the cpus
> available on the system. I'm on fedora 12, with lxc-0.6.5-1.x86_64
> Does anyone know if it is possible to restrict the containers view of
> the number of cpus it has access to? Would the libvirt interface to
> lxc be able to do this?
> In other words, I'm looking to have the value of
> getconf _NPROCESSORS_CONF
> return equal to the number of cpus in cpuset.cpus.
> From the config file.
> lxc.utsname = test
> lxc.tty = 4
> lxc.cgroup.cpuset.cpus = 2
> #lxc.cgroup.cpuset.cpu_exclusive = 1
> lxc.network.type = veth
> The container starts fine, and checking the host cgroup mount
> [root at islab01 test]# cat /cgroup/test/cpuset.cpus
> Gives the expected answer. However inside the container, from both
> /proc/cpuinfo and "top", all the cpus appear to be visible. This is
> a problem for me, as I have some java programs that detect the number
> of cpus and spin off threads accordingly.
> The cpu_exclusive attribute doesn't seem to work too well as well.
> [root at islab01 test]# lxc-start --name test
> lxc-start: write /cgroup/test/cpuset.cpu_exclusive : Invalid argument
> lxc-start: failed to setup the cgroups for 'test'
> lxc-start: failed to setup the container
Sounds like a call for another extension to Daniel's FUSE layer
to mount over /proc :)
More information about the lxc-users