[Lxc-users] restricting container visible cpus
Daniel Lezcano
daniel.lezcano at free.fr
Sun Jan 31 21:50:08 UTC 2010
atp wrote:
> Hi,
>
> I'm looking at trying to restrict a container's view of the cpus
> available on the system. I'm on fedora 12, with lxc-0.6.5-1.x86_64
>
> Does anyone know if it is possible to restrict the containers view of
> the number of cpus it has access to? Would the libvirt interface to
> lxc be able to do this?
>
> In other words, I'm looking to have the value of
> getconf _NPROCESSORS_CONF
>
> return equal to the number of cpus in cpuset.cpus.
>
> From the config file.
> lxc.utsname = test
> lxc.tty = 4
> lxc.cgroup.cpuset.cpus = 2
> #lxc.cgroup.cpuset.cpu_exclusive = 1
> lxc.network.type = veth
>
> The container starts fine, and checking the host cgroup mount
>
> [root at islab01 test]# cat /cgroup/test/cpuset.cpus
> 2
>
> Gives the expected answer. However inside the container, from both
> /proc/cpuinfo and "top", all the cpus appear to be visible. This is
> a problem for me, as I have some java programs that detect the number
> of cpus and spin off threads accordingly.
>
> The cpu_exclusive attribute doesn't seem to work too well as well.
>
> [root at islab01 test]# lxc-start --name test
> lxc-start: write /cgroup/test/cpuset.cpu_exclusive : Invalid argument
> lxc-start: failed to setup the cgroups for 'test'
> lxc-start: failed to setup the container
>
There is a /proc virtualization layer prototype with fuse which needs to
be enhanced but it's not for the short term as there are several issues
with the container itself to be solved before adding it.
But any volunteer is welcome ;)
Thanks.
-- Daniel
More information about the lxc-users
mailing list