[Lxc-users] Zombie container
Daniel Lezcano
daniel.lezcano at free.fr
Tue Feb 15 10:21:40 UTC 2011
On 02/15/2011 10:17 AM, Milan Zamazal wrote:
>>>>>> "DL" == Daniel Lezcano<daniel.lezcano at free.fr> writes:
> DL> It is probable you have an application creating new namespaces
> DL> in the container. That's triggering a new cgroup creation which
> DL> is nested with the container's one. This is a kernel feature
> DL> (removed for the next kernel version).
>
> Thank you for explanation.
>
> By watching when these subdirectories get created I discovered the
> problem appears when I run `fusermount -u'.
>
> DL> * simply do rm -rf /cgroup/blackbird (don't care about the
> DL> errors).
>
> This fails with "Operation not permitted" and the problem persists.
Do you try to remove the directories as root when the container exited ?
> DL> Launch your container and then look at
> DL> /cgroup/blackbird/1234/tasks and look for the command line
> DL> associated with the pid in this file.
>
> The `tasks' file is empty. But it must be fusermount or something
> related to its invocation.
Ok. Interesting.
> DL> Hope that helps.
>
> Thank you for help. Now I know what creates the problem, but I still
> don't know how to safely prevent it or remedy it. Maybe it's a kernel
> problem (I use standard kernel 2.6.32 from Debian)?
It is not a kernel problem, it's the expected behavior but unfortunately
the cgroup automatic creation does not really fit with the namespace
concept. This is why the ns_cgroup will be removed in the next kernel
version in order to manage the cgroup consistenly.
http://git.kernel.org/?p=linux/kernel/git/sfr/linux-next.git;a=blob;f=Documentation/feature-removal-schedule.txt;h=ada3db8fc9f6307b0b9b51b503353a96b995b62d;hb=b7bbcc2b04070ebd77c827e8ebbd08a5b7493004
More information about the lxc-users
mailing list