[Lxc-users] lxc on Fedora 15
Serge Hallyn
serge.hallyn at canonical.com
Tue May 31 14:38:26 UTC 2011
Quoting Daniel Lezcano (daniel.lezcano at free.fr):
> On 05/31/2011 01:44 PM, Ramez Hanna wrote:
> > On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcano<daniel.lezcano at free.fr>wrote:
> >
> >> On 05/31/2011 12:33 PM, Ramez Hanna wrote:
> >>
> >>> it seems that lxc cannot handle cgroups when capabilities are not all in
> >>> the
> >>> same mount
> >>> it fails now because it cannot write the devices.deny in the cgroup
> >>> if i comment out all the lxc.cgroup.devices lines in the config of the
> >>> container then i can actually start it
> >>>
> >>> I would think that the way lxc identifies the cgroup mount might be the
> >>> part
> >>> that needs patching
> >>>
> >> Thanks for investigating.
> >>
> >> The main problem is lxc is cgroup agnostic, so we should find a solution
> >> where we don't break that.
> >>
> >> Maybe one solution would be to collect all the mount points found for the
> >> cgroup and try to find the right path when writing or reading from one
> >> cgroup file.
> >>
> > that is what i had in mind, tried looking into the code but my C skills are
> > next to zero
> >
> >> Does systemd run lxc within a cgroup which is not the root cgroup ?
> >>
> >> the lxc-start command would run under $user/master/
> > (/sys/fs/cgroup/systemd/$user/$master)
> > and the container itself would run under $container_name
> > (/sys/fs/cgroup/systemd/$container_name)
> > so it would run the container in the root cgroup
>
> ouch ! I have to install systemd on a test machine to check how systemd
> plays with the cgroup.
> I don't think the cgroup created by lxc should escape the cgroup the
> command is assigned to.

Another similar - and easier to set up - thing we need to address is running
on a system with libcgroup installed.

For both, I assume it'll basically come down to:

1. figure out the path of the cgroup we are in for each cgroup we care
   about
2. create new child cgroup for ourselves in each of the above paths which
   is unique
3. track those through the lifetime of the container

So it just slightly complicates what's being done now.

-serge
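
Steps 1 and 2 of the list above, as an added example that is not part of the original message and is not lxc's code: for one subsystem, find the mount point that carries it and the caller's own cgroup inside that hierarchy, then build the path of a file in a child cgroup beneath it, so the child cannot land outside the cgroup the caller was assigned to. The function names, the child name `c1` used with it, and the sample `/proc/mounts` and `/proc/self/cgroup` text are constructed assumptions; the formats are the cgroup v1 ones.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: one mount per subsystem, as on a systemd host. */
static const char SAMPLE_MOUNTS[] =
    "cgroup /sys/fs/cgroup/systemd cgroup rw,name=systemd 0 0\n"
    "cgroup /sys/fs/cgroup/devices cgroup rw,relatime,devices 0 0\n"
    "cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,cpuacct,cpu 0 0\n";
static const char SAMPLE_SELF[] =   /* constructed /proc/self/cgroup text */
    "3:cpuacct,cpu:/\n2:devices:/lxc-host\n1:name=systemd:/user/alice/master\n";

/* Return 1 if tok is one of the comma-separated items in list. */
static int has_token(const char *list, const char *tok)
{
    size_t il, tl = strlen(tok);
    for (; *list; list += il + (list[il] == ',')) {
        il = strcspn(list, ",");
        if (il == tl && !memcmp(list, tok, tl)) return 1;
    }
    return 0;
}

/* Start of the next line, or NULL at end of text. */
static const char *next_line(const char *p)
{
    p = strchr(p, '\n');
    return (p && p[1]) ? p + 1 : NULL;
}

/* Build <mount point><own cgroup path>/<child>/<file> for one subsystem.
 * Returns 0 on success, -1 if the subsystem is not found or out is too small. */
int cgroup_file_path(const char *mounts, const char *self, const char *subsys,
                     const char *child, const char *file, char *out, size_t len)
{
    char mnt[256], type[32], opts[256], ctl[128], path[256];
    const char *p;
    for (p = mounts; p; p = next_line(p))   /* which hierarchy carries subsys? */
        if (sscanf(p, "%*s %255s %31s %255s", mnt, type, opts) == 3 &&
            !strcmp(type, "cgroup") && has_token(opts, subsys))
            break;
    if (!p) return -1;
    for (p = self; p; p = next_line(p))     /* where are we inside it? */
        if (sscanf(p, "%*d:%127[^:\n]:%255[^\n]", ctl, path) == 2 &&
            has_token(ctl, subsys))
            break;
    if (!p) return -1;
    if (!strcmp(path, "/")) path[0] = '\0'; /* root cgroup: avoid "//" */
    int n = snprintf(out, len, "%s%s/%s/%s", mnt, path, child, file);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}
```

On a real host the two text arguments would be the contents of `/proc/mounts` and `/proc/self/cgroup`, and the child directory would be created before writing to the returned file.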