[Lxc-users] How to get a "local view" of the cgroupfs inside a container
Jäkel, Guido
G.Jaekel at dnb.de
Tue Jul 5 16:25:26 UTC 2011
Hi all,
After having a private discussion with Serge E. Hallyn and then inspired by the posting of Matto Fransen on the thread "read only rootfs" I was able to realize an entry from my wish list, which may be useful for others, too:
To have a (read-only) access limited to "its" branch of the cgroupfs inside a container.
This might be useful to write some tool to be run inside a container in a "canonical way", i.e. with a fixed path (regardless of the mount point prefix, which may be taken from /proc/mounts) and without knowing the name of the container it is currently running in. You may compare it to the mechanism of user beancounters in OpenVZ at /proc/user_beancounters .
One may e.g. write something like a replacement for 'free', which will use the values from the /cgroup/memory.*-entries to show up the "right" values. Because at the moment, the "normal" syscall used by free and others will yield the "wrong" values from the host.
At the moment too, one can't mount any subtrees of the cgroupfs. But I found that this can be "emulated" by use of a bind-mount. And it can be made read-only by use of the same instrument, too. From that, it turns out that the feature in discussion can be already set up without including new features into lxc.
Using lxc-0.7.4.1, I just had to add a "dynamical" config option (lxc-start -s ...) to my lxc maintenance masterscript, in particular
-s lxc.mount.entry="/cgroup/$CONTAINER cgroup none ro,bind 0 0"
where $CONTAINER is the shell variable holding the name of the container to start. In my case, on the host I'm using a single cgroupfs holding all subsystems at /cgroup. Notice that with 0.7.4.1 the destination mount point -- it will also be /cgroup with respect to the container's rootfs -- has to be relative.
After booting the container, you'll find its cgroup subtree mounted read-only at /cgroup.
with greetings
Guido
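
An added example, not part of the original post: a minimal 'free'-style report that reads the container's own memory.* entries at the fixed path /cgroup and checks in the mounts table that the bind mount really is read-only. The function names are hypothetical, and the file names memory.limit_in_bytes and memory.usage_in_bytes assume the cgroup v1 memory controller.

```shell
#!/bin/sh
# Added example: container-local memory report from the bind-mounted subtree.
# Assumes cgroup v1 memory controller file names under the fixed path /cgroup.

# Succeeds only if the mount point is listed with the "ro" option.
# $1 = mounts table (normally /proc/mounts), $2 = mount point (normally /cgroup)
cgroup_is_readonly() {
    awk -v mp="$2" '
        $2 == mp { n = split($4, o, ","); ro = 0   # last matching entry wins
                   for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1 }
        END { exit !ro }' "$1"
}

# Prints "total used free" in kB, taken from the container's own cgroup.
# $1 = directory holding the memory.* entries (normally /cgroup)
cgroup_free() {
    dir=$1
    [ -r "$dir/memory.limit_in_bytes" ] && [ -r "$dir/memory.usage_in_bytes" ] || {
        echo "no memory.* entries under $dir" >&2; return 1; }
    limit=$(cat "$dir/memory.limit_in_bytes")
    usage=$(cat "$dir/memory.usage_in_bytes")
    # An unset limit shows up as a huge number; report it as such instead of
    # printing a meaningless "free" figure (16+ digits is a heuristic cut-off).
    if [ "${#limit}" -ge 16 ]; then
        echo "unlimited $((usage / 1024)) -"
        return 0
    fi
    echo "$((limit / 1024)) $((usage / 1024)) $(((limit - usage) / 1024))"
}

# Run against the fixed path only when it exists, i.e. inside such a container.
if [ -r /cgroup/memory.usage_in_bytes ]; then
    cgroup_is_readonly /proc/mounts /cgroup || echo "warning: /cgroup is writable" >&2
    cgroup_free /cgroup
fi
```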