[Lxc-users] lxc on Fedora 15

Serge Hallyn serge.hallyn at canonical.com
Tue May 31 19:00:07 UTC 2011


Quoting Ramez Hanna (rhanna at informatiq.org):
> On Tue, May 31, 2011 at 5:38 PM, Serge Hallyn <serge.hallyn at canonical.com> wrote:
> 
> > Quoting Daniel Lezcano (daniel.lezcano at free.fr):
> > > On 05/31/2011 01:44 PM, Ramez Hanna wrote:
> > > > On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcano <daniel.lezcano at free.fr> wrote:
> > > >
> > > >> On 05/31/2011 12:33 PM, Ramez Hanna wrote:
> > > >>
> > > >>> it seems that lxc cannot handle cgroups when capabilities are not all in
> > > >>> the same mount
> > > >>> it fails now because it cannot write the devices.deny in the cgroup
> > > >>> if i comment out all the lxc.cgroup.devices lines in the config of the
> > > >>> container then i can actually start it
> > > >>>
> > > >>> I would think that the way lxc identifies the cgroup mount might be the
> > > >>> part that needs patching
> > > >>>
> > > >> Thanks for investigating.
> > > >>
> > > >> The main problem is lxc is cgroup agnostic, so we should find a solution
> > > >> where we don't break that.
> > > >>
> > > >> Maybe one solution would be to collect all the mount points found for the
> > > >> cgroup and try to find the right path when writing or reading from one
> > > >> cgroup file.
> > > >>
> > > > > that is what i had in mind, tried looking into the code but my C skills are
> > > > > next to zero
> > > >
> > > >> Does systemd run lxc within a cgroup which is not the root cgroup ?
> > > >>
> > > >> the lxc-start command would run under $user/master/
> > > > (/sys/fs/cgroup/systemd/$user/$master)
> > > > and the container itself would run under $container_name
> > > > (/sys/fs/cgroup/systemd/$container_name)
> > > > so it would run the container in the root cgroup
> > >
> > > ouch ! I have to install systemd on a test machine to check how systemd
> > > plays with the cgroup.
> > > I don't think the cgroup created by lxc should escape the cgroup the
> > > command is assigned to.
> >
> > Another similar - and easier to setup - thing we need to address is running
> > on a system with libcgroup installed.
> >
> > For both, I assume it'll basically come down to:
> >
> >  1. figure out the path of the cgroup we are in for each cgroup we care
> >     about
> >  2. create new child cgroup for ourselves in each of the above paths which
> >     is unique
> >  3. track those through the lifetime of the container
> >
> > So it just slightly complicates what's being done now.
> >
> > -serge
> >
> how does libcgroup change things? does it also mount cgroup on different
> points ?

Yes, in whatever way you ask it to.

-serge
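
The lookup discussed in this thread (find the mount that carries a subsystem, then our own path inside it, before writing a file such as devices.deny), as an added example that is not part of the original messages and is not lxc's code. The function names and the sample /proc/mounts and /proc/self/cgroup text are constructed assumptions. It returns an error when the subsystem is not mounted, so a caller can refuse to start a container whose lxc.cgroup.devices rules could not be applied rather than running it without them.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample data, not captured from a real host. */
static const char SAMPLE_MOUNTS[] =
    "cgroup /sys/fs/cgroup/systemd cgroup rw,relatime,name=systemd 0 0\n"
    "cgroup /sys/fs/cgroup/devices cgroup rw,relatime,devices 0 0\n";
static const char SAMPLE_SELF[] = "2:devices:/host\n1:name=systemd:/user/master\n";

/* Return 1 if name is one of the comma-separated tokens in list. */
static int has_token(const char *list, const char *name)
{
    size_t n = strlen(name), len;
    for (; *list; list += len + (list[len] == ',')) {
        len = strcspn(list, ",");
        if (len == n && strncmp(list, name, n) == 0)
            return 1;
    }
    return 0;
}

static const char *next_line(const char *l) { l = strchr(l, '\n'); return l ? l + 1 : ""; }
/* Build "<mount point><own cgroup path>/<file>"; -1 if not mounted or out too small. */
int resolve_cgroup_file(const char *mounts, const char *self,
                        const char *file, char *out, size_t outlen)
{
    char sub[64] = "", mnt[256] = "", cg[256] = "", a[256], b[256], c[256];
    size_t n = strcspn(file, ".");          /* "devices.deny" -> "devices" */
    if (n == 0 || n >= sizeof(sub))
        return -1;
    memcpy(sub, file, n);                   /* sub is zero-filled, stays terminated */
    for (const char *l = mounts; *l && !mnt[0]; l = next_line(l)) /* /proc/mounts */
        if (sscanf(l, "%*s %255s %255s %255s", a, b, c) == 3 &&
            strcmp(b, "cgroup") == 0 && has_token(c, sub))
            strcpy(mnt, a);
    for (const char *l = self; *l && !cg[0]; l = next_line(l)) /* /proc/self/cgroup */
        if (sscanf(l, "%*[^:]:%255[^:\n]:%255s", a, b) == 2 && has_token(a, sub))
            strcpy(cg, b);
    if (!mnt[0] || !cg[0])
        return -1; /* fail closed: never fall back to another hierarchy */
    n = (size_t)snprintf(out, outlen, "%s%s/%s", mnt, strcmp(cg, "/") ? cg : "", file);
    return n < outlen ? 0 : -1;
}

int main(void)
{
    char p[512];
    int rc = resolve_cgroup_file(SAMPLE_MOUNTS, SAMPLE_SELF, "devices.deny", p, sizeof(p));
    return rc ? 1 : puts(p) < 0; /* prints the resolved path */
}
```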



