[libvirt] [RFC][PATCH] lxc: fix for ns cgroups subsystem

Ryota Ozaki ozaki.ryota at gmail.com
Fri May 8 00:05:13 UTC 2009


Hi,

lxc does not work if the ns cgroups subsystem is enabled because
of two factors: one is that ns has a special rule for creating
a group[*], unlike other subsystems, and the other is that the lxc
controller creates a new namespace for /dev/pts prior to
creating a new group for a domain. Unfortunately the new
namespace breaks the rule of ns and that prevents an lxc
controller from creating a new group.

This patch addresses the problem by creating a new group
before creating a new namespace (i.e. calling the unshare syscall).

Note that this patch is only for the case where ns is enabled and
the current code works well if it is disabled. However, I think
this patch makes sense because not just a few users know
much about cgroups and are likely to enable all of the subsystems
without notions (i.e. mount cgroups without any options).

[*] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/ns_cgroup.c;hb=HEAD

Thanks,
  ozaki-r

Signed-off-by: Ryota Ozaki <ozaki.ryota at gmail.com>

From 46531182708dc3eb132b14ce2f23fbc639430176 Mon Sep 17 00:00:00 2001
From: Ryota Ozaki <ozaki.ryota at gmail.com>
Date: Fri, 8 May 2009 05:31:03 +0900
Subject: [PATCH] lxc: fix for ns cgroups subsystem

lxc does not work if the ns cgroups subsystem is enabled because
of two factors: one is that ns has a special rule for creating
a group[*], unlike other subsystems, and the other is that the lxc
controller creates a new namespace for /dev/pts prior to
creating a new group for a domain. Unfortunately the new
namespace breaks the rule of ns and that prevents an lxc
controller from creating a new group.

This patch addresses the problem by creating a new group
before creating a new namespace (i.e. calling the unshare syscall).

Note that this patch is only for the case where ns is enabled and
the current code works well if it is disabled. However, I think
this patch makes sense because not just a few users know
much about cgroups and are likely to enable all of the subsystems
without notions (i.e. mount cgroups without any options).

[*] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/ns_cgroup.c;hb=HEAD
---
 src/lxc_controller.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc_controller.c b/src/lxc_controller.c
index e0fb05d..1231817 100644
--- a/src/lxc_controller.c
+++ b/src/lxc_controller.c
@@ -458,6 +458,9 @@ lxcControllerRun(virDomainDefPtr def,
         goto cleanup;
     }

+    if (lxcSetContainerResources(def) < 0)
+        goto cleanup;
+
     root = virDomainGetRootFilesystem(def);

     /*
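
Review bot: the added `lxcSetContainerResources(def)` call carries no comment saying why it has to sit this early in lxcControllerRun(). The ordering requirement (the group must be created before the new namespace, per the commit message) is recorded only in the commit log, so a later tidy-up could move the call back down and reintroduce the failure. Suggest a short comment above the `if` stating that it must run before the namespace is created when the ns cgroups subsystem is mounted.
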
@@ -543,9 +546,6 @@ lxcControllerRun(virDomainDefPtr def,
     }


-    if (lxcSetContainerResources(def) < 0)
-        goto cleanup;
-
     if ((container = lxcContainerStart(def,
                                        nveths,
                                        veths,
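
Review bot: with the call removed from its old place just before lxcContainerStart(), resource setup now runs roughly 85 lines earlier (old line 543 versus new line 458), so every `goto cleanup` between the two sites is now taken with the domain's group already created. Please confirm that the cleanup path copes with that state and note it in the commit message. Minor style point: the removal leaves two consecutive blank lines after the closing brace; drop one.
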
-- 
1.6.0.6



