[Lxc-users] lxc on Fedora 15

Ramez Hanna rhanna at informatiq.org
Tue May 31 11:58:43 UTC 2011


On Tue, May 31, 2011 at 2:54 PM, Daniel Lezcano <daniel.lezcano at free.fr>wrote:

> On 05/31/2011 01:44 PM, Ramez Hanna wrote:
>
>> On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcano<daniel.lezcano at free.fr
>> >wrote:
>>
>>  On 05/31/2011 12:33 PM, Ramez Hanna wrote:
>>>
>>>  it seems that lxc cannot handle cgroups when capabilities are not all in
>>>> the
>>>> same mount
>>>> it fails now because it cannot write the devices.deny in the cgroup
>>>> if i comment out all the lxc.cgroup.devices lines in the config of the
>>>> container then i can actually start it
>>>>
>>>> I would think that the way lxc identifies the cgroup mount might be the
>>>> part
>>>> that needs patching
>>>>
>>>>  Thanks for investigating.
>>>
>>> The main problem is lxc is cgroup agnostic, so we should find a solution
>>> where we don't break that.
>>>
>>> Maybe one solution would be to collect all the mount points found for the
>>> cgroup and try to find the right path when writing or reading from one
>>> cgroup file.
>>>
>>>  that is what i had in mind, tried looking into the code but my C skills
>> are
>> next to zero
>>
>>  Does systemd run lxc within a cgroup which is not the root cgroup ?
>>>
>>> the lxc-start command would run under $user/master/
>>>
>> (/sys/fs/cgroup/systemd/$user/$master)
>> and the container itself would run under $container_name
>> (/sys/fs/cgroup/systemd/$container_name)
>> so it would run the container in the root cgroup
>>
>
> ouch ! I have to install systemd on a test machine to check how systemd
> plays with the cgroup.
> I don't think the cgroup created by lxc should escape the cgroup the
> command is assigned to.
>

if there is anything i can investigate for you just let me know
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20110531/b18cc4ad/attachment.html>


More information about the lxc-users mailing list