[lxc-users] Disappearing cgroups

Serge E. Hallyn serge at hallyn.com
Fri Oct 11 13:18:33 UTC 2019


On Thu, Oct 10, 2019 at 11:59:29AM +0100, Ben Green wrote:
> Quoting "Serge E. Hallyn" <serge at hallyn.com>:
> 
> > On Wed, Oct 09, 2019 at 08:54:54AM +0100, Ben Green wrote:
> > > Quoting "Serge E. Hallyn" <serge at hallyn.com>:
> > > 
> > > >
> > > > Actually you probably only want to chown the tasks and cgroup.procs files
> > > > to lxcadmin:, as otherwise the containers can raise their limits.
> > > >
> > > 
> > > I've made that change, rebooted and started the containers, the result is
> > 
> > Can you show the script you're using?
> > 
> 
> 
> My /home/lxcadmin/.profile now reads:
> 
>  # ~/.profile: executed by bash for login shells.
>  /usr/local/bin/lxccgroup-enter-container-cgroup
> 
> 
> -------------------
> 
> /usr/local/bin/lxccgroup-enter-container-cgroups now reads:
> 
> 
> #!/bin/bash
> 
> echo "Adding this user to the 'forcontainers' cgroup directory"
> for i in $(find /sys/fs/cgroup/ -maxdepth 1 -mindepth 1 -type d | grep -v unified); do echo $PPID > $i/forcontainers/tasks ; done
> 
> -------------------
> 
> 
> /usr/local/sbin/lxccgroup-add-dirs now reads:
> 
>  #!/bin/bash
> 
>  for i in $(find /sys/fs/cgroup/ -maxdepth 1 -mindepth 1 -type d)
>  do
>   mkdir -p $i/forcontainers
>   echo $i/forcontainers
>   chown lxcadmin:lxcadmin $i/forcontainers
>   chown lxcadmin:lxcadmin $i/forcontainers/tasks
>   chown lxcadmin:lxcadmin $i/forcontainers/cgroup.procs
>  done

Oh, ok.  Yeah, so the forcontainers/* other than tasks and cgroup.procs
will be root owned.  But any containers you create under that will be
wholly owned by you.  For the most part, the cgroups won't allow you
to change your limits to exceed those of 'forcontainers'.  So that's
all fine.

-serge
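
An added example, not part of the original thread: a POSIX shell check of the ownership layout discussed above. It flags any file directly in a forcontainers directory, other than tasks and cgroup.procs, that the delegated user owns, and any tasks or cgroup.procs file that user does not own. The function name audit_delegation, the finding labels and the script name in the usage comment are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the thread. Audits the delegation layout that the
# scripts above create: ROOT/<controller>/forcontainers/.
# Usage (hypothetical script name):
#   sh audit-forcontainers.sh /sys/fs/cgroup lxcadmin

# audit_delegation ROOT USER
#   USER is a login name or a numeric uid.
#   Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_delegation() {
    ad_root=$1
    ad_user=$2
    ad_findings=$(
        for ad_dir in "$ad_root"/*/forcontainers; do
            [ -d "$ad_dir" ] || continue
            # Limit knobs (memory.limit_in_bytes, cpu.shares, ...) must stay
            # with root, otherwise the containers can raise their limits.
            find "$ad_dir" -maxdepth 1 -type f -user "$ad_user" \
                ! -name tasks ! -name cgroup.procs |
                sed 's/^/OVERDELEGATED /'
            # tasks and cgroup.procs must belong to USER so the login
            # script can move the shell into the cgroup. The unified
            # hierarchy has no tasks file, so missing files are skipped.
            for ad_name in tasks cgroup.procs; do
                [ -e "$ad_dir/$ad_name" ] || continue
                find "$ad_dir/$ad_name" -maxdepth 0 ! -user "$ad_user" |
                    sed 's/^/NOT-DELEGATED /'
            done
        done
    )
    [ -n "$ad_findings" ] || return 0
    printf '%s\n' "$ad_findings"
    return 1
}

# Run the audit only when called with both arguments.
if [ "$#" -eq 2 ]; then
    audit_delegation "$1" "$2"
fi
```

The check looks only at files directly inside each forcontainers directory; container cgroups created below it are expected to be wholly owned by the user and are not inspected.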

