[libvirt] [RFC PATCH 3/6] LXC: only mount cgroupfs when userns is disabled

Gao feng gaofeng at cn.fujitsu.com
Thu Mar 14 01:18:29 UTC 2013


On 2013/03/13 18:59, Daniel P. Berrange wrote:
> On Mon, Mar 11, 2013 at 02:26:49PM +0800, Gao feng wrote:
>> Since we can't mount cgroupfs in uninit user namespace
>> now, only mount cgroupfs when userns is disabled.
>>
>> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
>> ---
>>  src/lxc/lxc_container.c | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
>> index 5c66ae3..92af3e5 100644
>> --- a/src/lxc/lxc_container.c
>> +++ b/src/lxc/lxc_container.c
>> @@ -1979,7 +1979,8 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
>>  
>>      /* Now we can re-mount the cgroups controllers in the
>>       * same configuration as before */
>> -    if (lxcContainerMountCGroups(mounts, nmounts,
>> +    if (vmDef->os.userns != VIR_DOMAIN_USER_NS_ENABLED &&
>> +        lxcContainerMountCGroups(mounts, nmounts,
>>                                   cgroupRoot, sec_mount_options) < 0)
>>          goto cleanup;
>>  
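Review bot: In the lxcContainerSetupPivotRoot hunk, the new `vmDef->os.userns != VIR_DOMAIN_USER_NS_ENABLED &&` guard makes the whole cgroup setup a silent no-op when userns is enabled: no log message, no fallback, and the comment above ("Now we can re-mount the cgroups controllers in the same configuration as before") still reads as unconditional. Please update the comment to say why the mount is skipped for userns, and say in the commit message what the container sees under its cgroup mount points in that case, since a container with no cgroup view (or a leftover host view) is a behaviour change that users will notice.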
>> @@ -2087,7 +2088,8 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef,
>>  
>>      /* Now we can re-mount the cgroups controllers in the
>>       * same configuration as before */
>> -    if (lxcContainerMountCGroups(mounts, nmounts,
>> +    if (vmDef->os.userns != VIR_DOMAIN_USER_NS_ENABLED &&
>> +        lxcContainerMountCGroups(mounts, nmounts,
>>                                   cgroupRoot, sec_mount_options) < 0)
>>          goto cleanup;
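Review bot: The lxcContainerSetupExtraMounts hunk repeats the same userns test inside the `if` that also checks `lxcContainerMountCGroups(...) < 0`, so the policy decision and the error check are fused and now exist in two call sites that can drift apart. Consider moving the userns decision into lxcContainerMountCGroups itself (or a small wrapper) so both callers stay a plain `if (... < 0) goto cleanup;` and the skip is documented in one place.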
> 
> I'm not sure that this is the right approach for this. If we can't mount
> the cgroups filesystems, then we need to preserve the existing mounts from
> the host in some way, rather than unmounting them.
> 

I wonder if we should use mount --bind to set cgroupfs for the container.
We can mount the directory /sys/fs/cgroup/memory/libvirt/lxc/domain
of the host to the directory /sys/fs/cgroup/memory of the container.

This can also resolve the cgroup configuration leak problem,
and can also resolve the "failed to mount cgroup" problem reported
by Yin Olivia.



