[lxc-users] LXC 3.0: Removal of cgmanager And cgfs cgroup Drivers
Christian Brauner
christian.brauner at mailbox.org
Tue Feb 20 23:15:40 UTC 2018
On Tue, Feb 20, 2018 at 07:17:42PM +0100, Dirk Geschke wrote:
> Hi Christian,
>
> > > Does this mean that lxc 3.0 is systemd-only?
> >
> > No!
> >
> > This has no effect whatsoever on what init system you are running. This
> > is completely orthogonal and to some extent always has been. In fact,
> > we've become even more agnostic wrt to what init binary (be it a full
> > init system or a simple application) can be run. Additionally, the
> > current cgroup driver contains logic:
> > - to mount cgroups for an init system that doesn't mount cgroups by
> > itself (e.g. OpenRC) even when cgroup namespaces are supported.
> > Something which wasn't possible before without specifying
> > lxc.mount.entry entries or running hooks.
> > - to mount cgroups for container that drop CAP_SYS_ADMIN (privilged and
> > unprivileged) in their user namespace
>
> that sounds great: Well done!
>
> BTW: Do you know the kernel parameter for cgroup namespaces? The
> kernel config knows only about CONFIG_NAMESPACES, UTS_NS, IPC_NS,
> USER_NS, PID_NS and NET_NS. I know, there are cgroup namespaces,
> but what is the configuration parameter? I'm just wondering...
There's no separate flag for cgroup namespaces in the upstream kernel.
Cgroup namespaces are usually enabled by setting CONFIG_CGROUPS=y. From
the manpage (man cgroup_namespaces):
"Use of cgroup namespaces requires a kernel that is configured with the
CONFIG_CGROUPS option."
Christian
More information about the lxc-users
mailing list