[Lxc-users] lxc on Fedora 15

Ramez Hanna rhanna at informatiq.org
Tue May 31 17:23:30 UTC 2011 

On Tue, May 31, 2011 at 5:38 PM, Serge Hallyn <serge.hallyn at canonical.com>wrote:

> Quoting Daniel Lezcano (daniel.lezcano at free.fr):
> > On 05/31/2011 01:44 PM, Ramez Hanna wrote:
> > > On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcano<daniel.lezcano at free.fr
> >wrote:
> > >
> > >> On 05/31/2011 12:33 PM, Ramez Hanna wrote:
> > >>
> > >>> it seems that lxc cannot handle cgroups when capabilities are not all
> in
> > >>> the
> > >>> same mount
> > >>> it fails now because it cannot write the devices.deny in the cgroup
> > >>> if i comment out all the lxc.cgroup.devices lines in the config of
> the
> > >>> container then i can actually start it
> > >>>
> > >>> I would think that the way lxc identifies the cgroup mount might be
> the
> > >>> part
> > >>> that needs patching
> > >>>
> > >> Thanks for investigating.
> > >>
> > >> The main problem is lxc is cgroup agnostic, so we should find a
> solution
> > >> where we don't break that.
> > >>
> > >> Maybe one solution would be to collect all the mount points found for
> the
> > >> cgroup and try to find the right path when writing or reading from one
> > >> cgroup file.
> > >>
> > > that is what i had in mind, tried looking into the code but my C skills
> are
> > > next to zero
> > >
> > >> Does systemd run lxc within a cgroup which is not the root cgroup ?
> > >>
> > >> the lxc-start command would run under $user/master/
> > > (/sys/fs/cgroup/systemd/$user/$master)
> > > and the container itself would run under $container_name
> > > (/sys/fs/cgroup/systemd/$container_name)
> > > so it would run the container in the root cgroup
> >
> > ouch ! I have to install systemd on a test machine to check how systemd
> > plays with the cgroup.
> > I don't think the cgroup created by lxc should escape the cgroup the
> > command is assigned to.
>
> Another similar - and easier to setup - thing we need to address is running
> on a system with libcgroup installed.
>
> For both, I assume it'll basically come down to:
>
>  1. figure out the path of the cgroup we are in for each cgroup we care
>     about
>  2. create new child cgroup for ourselves in each of the above paths whic
>     is unique
>  3. track those through the lifetime of the container
>
> So it just slightly complicates what's being done now.
>
> -serge
>
how does libcgroup change things? does it also mount cgroup on different
points ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20110531/e385af20/attachment.html>

More information about the lxc-users mailing list