[libvirt] [PATCH 0 of 2] [RFC] Add cgroup manipulation and LXC driver support

Balbir Singh balbir at linux.vnet.ibm.com
Tue Sep 30 03:58:58 UTC 2008

Dan Smith wrote:
> This patch set adds basic cgroup support to the LXC driver.  It consists of
> a small internal cgroup manipulation API, as well as changes to the driver
> itself to utilize the support.  Currently, we just set a memory limit
> and the allowed devices list.  The cgroup.{c,h} interface can be easily
> redirected to libcgroup in the future if and when the decision to move in
> that direction is made.
> Some discussion on the following points is probably warranted, to help
> determine how deep we want to go with this internal implementation, in terms'
> of supporting complex system configurations, etc.
>  - What to do if controllers are mounted in multiple places

For all practical purposes, it is not possible to mount all controllers at the
same place. Consider a simple case of "ns", if the ns controller is mounted, you
need root permissions to create new groups, which defeats the whole purpose of
the cgroup filesystem and assigning permissions, so that an application can
create groups on it own.

>  - What to do if memory and device controllers aren't present
>  - What to do if the root group is set for exclusive cpuset behavior

These need to be fixed as well.


