[lxc-users] LXC duplicate cgroup “cpu,cpuacct” - “cpuacct,cpu”

[Ondřej Vlk]

Hello,

I run priviledged containers on Centos 7. I want to have isolated
cgroups inside container, so I don't want other containers to see
cgroups of other containers. I have set lxc.mount.auto to cgroup:mixed,
so I should not be able to see other containers groups in
/sys/fs/cgroup, but i see them.

On host FS it looks like this
  # ls -1 /sys/fs/cgroup
  blkio
  cpu
  cpuacct
  cpu,cpuacct
  cpuset
  devices
  freezer
  hugetlb
  memory
  net_cls
  perf_event
  systemd

On cotainer:
  # ls -1 /sys/fs/cgroup/
  blkio
  cpu
  cpuacct
  cpuacct,cpu
  cpu,cpuacct
  cpuset
  devices
  freezer
  hugetlb
  memory
  net_cls
  perf_event
  systemd


As you can see, LXC has created directory "cpuacct,cpu" which is not
present on host system. Each directory in containers /sys/fs/cgroup/
are isolated from host cgroups (so it behave correctly according to the
cgroup:mixed) except "cpu,cpuacct". In directory "cpu,cpuacct" are
informations about all containers which run on host (it has same
content like "cpu,cpuacct" on host system).


Is there some problem in my configuration or is it problem with LXC?

Container config:
  lxc.network.type = veth
  lxc.network.flags = up
  lxc.network.link = br1 
  lxc.network.ipv4=172.16.0.10/16
  lxc.network.ipv4.gateway=172.16.0.1
  lxc.network.name = eth0
  lxc.network.hwaddr = fe:4a:a0:67:75:a0
  lxc.rootfs = /var/lib/lxc/container001/rootfs
  lxc.start.auto = 1

  lxc.include = /usr/share/lxc/config/centos.common.conf
  lxc.mount.auto = sys:ro proc:mixed cgroup:mixed
  lxc.arch = x86_64
  lxc.utsname = container001

  lxc.autodev = 1
  lxc.kmsg = 0