[Lxc-users] Zombie container

Daniel Lezcano daniel.lezcano at free.fr
Tue Feb 15 10:21:40 UTC 2011


On 02/15/2011 10:17 AM, Milan Zamazal wrote:
>>>>>> "DL" == Daniel Lezcano<daniel.lezcano at free.fr>  writes:
>      DL>  It is probable you have an application creating new namespaces
>      DL>  in the container. That's triggering a new cgroup creation which
>      DL>  is nested with the container's one. This is a kernel feature
>      DL>  (removed for the next kernel version).
>
> Thank you for the explanation.
>
> By watching when these subdirectories get created I discovered the
> problem appears when I run `fusermount -u'.
>
>      DL>    * simply do rm -rf /cgroup/blackbird (don't care about the
>      DL>    errors).
>
> This fails with "Operation not permitted" and the problem persists.

Did you try to remove the directories as root after the container exited?

>      DL>  Launch your container and then look at
>      DL>  /cgroup/blackbird/1234/tasks and look for the command line
>      DL>  associated with the pid in this file.
>
> The `tasks' file is empty.  But it must be fusermount or something
> related to its invocation.

Ok. Interesting.

>      DL>  Hope that helps.
>
> Thank you for the help.  Now I know what creates the problem, but I still
> don't know how to safely prevent it or remedy it.  Maybe it's a kernel
> problem (I use standard kernel 2.6.32 from Debian)?

It is not a kernel problem; it's the expected behavior, but unfortunately
the cgroup automatic creation does not really fit with the namespace
concept. This is why the ns_cgroup will be removed in the next kernel
version in order to manage the cgroup consistently.

http://git.kernel.org/?p=linux/kernel/git/sfr/linux-next.git;a=blob;f=Documentation/feature-removal-schedule.txt;h=ada3db8fc9f6307b0b9b51b503353a96b995b62d;hb=b7bbcc2b04070ebd77c827e8ebbd08a5b7493004
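
The inspection suggested above (read every `tasks` file under the container's cgroup, nested cgroups included, and map each pid to its command line), as an added shell example that is not part of the original message. It assumes a cgroup v1 style hierarchy mounted at /cgroup; the function names and the CGROUP_ROOT/PROC_ROOT variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes each cgroup directory holds a
# "tasks" file with one pid per line. CGROUP_ROOT and PROC_ROOT are
# hypothetical overrides so the functions can be tried on a constructed tree.
CGROUP_ROOT=${CGROUP_ROOT:-/cgroup}
PROC_ROOT=${PROC_ROOT:-/proc}

# Print "<cgroup dir> <pid> <command line>" for every task in the
# container's cgroup and in any cgroup nested below it.
list_cgroup_tasks() {
    find "$CGROUP_ROOT/$1" -type f -name tasks | sort | while read -r f; do
        while read -r pid; do
            if [ -z "$pid" ]; then continue; fi
            cmd=
            if [ -r "$PROC_ROOT/$pid/cmdline" ]; then
                # cmdline is NUL-separated; turn it into a readable string
                cmd=$(tr '\0' ' ' < "$PROC_ROOT/$pid/cmdline")
                cmd=${cmd% }
            fi
            # kernel threads and exited pids have no command line: print "?"
            printf '%s %s %s\n' "$(dirname "$f")" "$pid" "${cmd:-?}"
        done < "$f"
    done
}

# Print cgroup directories, deepest first, whose tasks file lists no pid.
# The content is read rather than the size tested, because files on a
# cgroup filesystem report a size of 0 even when they list pids.
empty_cgroups() {
    find "$CGROUP_ROOT/$1" -depth -type d | while read -r d; do
        if [ -f "$d/tasks" ] && [ -z "$(cat "$d/tasks")" ]; then
            printf '%s\n' "$d"
        fi
    done
}
```

Run as root on the host, for example `list_cgroup_tasks blackbird`. A cgroup is removed with `rmdir` on its directory, which the kernel refuses while the cgroup still has tasks or child cgroups.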