[Lxc-users] lxc on Fedora 15
Daniel Lezcano
daniel.lezcano at free.fr
Tue May 31 11:54:12 UTC 2011
On 05/31/2011 01:44 PM, Ramez Hanna wrote:
> On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcano<daniel.lezcano at free.fr>wrote:
>
>> On 05/31/2011 12:33 PM, Ramez Hanna wrote:
>>
>>> it seems that lxc cannot handle cgroups when capabilities are not all in
>>> the
>>> same mount
>>> it fails now because it cannot write the devices.deny in the cgroup
>>> if i comment out all the lxc.cgroup.devices lines in the config of the
>>> container then i can actually start it
>>>
>>> I would think that the way lxc identifies the cgroup mount might be the
>>> part
>>> that needs patching
>>>
>> Thanks for investigating.
>>
>> The main problem is lxc is cgroup agnostic, so we should find a solution
>> where we don't break that.
>>
>> Maybe one solution would be to collect all the mount points found for the
>> cgroup and try to find the right path when writing or reading from one
>> cgroup file.
>>
> that is what i had in mind, tried looking into the code but my C skills are
> next to zero
>
>> Does systemd run lxc within a cgroup which is not the root cgroup ?
>>
>> the lxc-start command would run under $user/master/
> (/sys/fs/cgroup/systemd/$user/$master)
> and the container itself would run under $container_name
> (/sys/fs/cgroup/systemd/$container_name)
> so it would run the container in the root cgroup
ouch ! I have to install systemd on a test machine to check how systemd
plays with the cgroup.
I don't think the cgroup created by lxc should escape the cgroup the
command is assigned to.
More information about the lxc-users
mailing list