[Lxc-users] Can a process change its container membership ?

Serge E. Hallyn serge.hallyn at canonical.com
Wed Jul 27 22:56:37 UTC 2011


Quoting Vinay Wagh (vinay.h.wagh at gmail.com):
> Hi,
> 
> I had an architectural question on containers. I wanted to use containers to
> run multiple instances of the same application with different resource
> allocation (CPU, memory). The problem is that I have user/kernel space
> drivers that access network processors and I might not be able to run
> multiple instances in this case. These processes need to serve requests from
> applications running in different containers. So I need these processes to
> run in a container that can communicate with other containers. But since
> this process will serve requests from other containers it should be able to
> honor the CPU resource isolation that containers provide.
> 
> To do this I could embed an id in the IPC that maps to the container but I
> still need the serving process to be able to 'switch' in to a different
> container membership based on which container I received the request from.
> Is that something that can be done today or is there another way to do
> this.

Just the moving to different resource isolations, yeah that's simple enough.
Just move yourself into the container's cgroup, then (assuming you're not
using the ns cgroup) back out.  I.e. if the container task's /proc/self
cgroup shows:

  5:freezer:/apache2
  4:memory:/apache2
  3:devices:/apache2
  2:cpuacct:/apache2
  1:cpu:/apache2

and you want the same cpu, cpuacct, and memory restrictions, then do

    for f in cpu cpuacct memory; do
        echo $$ > /sys/fs/cgroup/$f/apache2/tasks
    done

Then to jump back out:

    for f in cpu cpuacct memory; do
        echo $$ > /sys/fs/cgroup/$f/tasks
    done

-serge




More information about the lxc-users mailing list