[libvirt] [RFC][PATCH] lxc: fix for ns cgroups subsystem

Serge E. Hallyn serue at us.ibm.com
Fri May 8 02:48:32 UTC 2009 

IIUC, the real problem is that src/cgroup.c assumes that the
cgroup name should be $CGROUP_MOUNTPOINT/groupname.  But of
course if the ns cgroup is enabled, then the unshare(CLONE_NEWNS)
to create a new namespace in which to mount the new devpts
locks the driver under $CGROUP_MOUNTPOINT/<pid_of_driver>/
or somesuch.

If this fixes the problem I have no objections, but it seems
more fragile than perhaps trying to teach src/cgroup.c to
consider it's current cgroup as a starting point.

-serge

Quoting Ryota Ozaki (ozaki.ryota at gmail.com):
> >From 46531182708dc3eb132b14ce2f23fbc639430176 Mon Sep 17 00:00:00 2001
> From: Ryota Ozaki <ozaki.ryota at gmail.com>
> Date: Fri, 8 May 2009 05:31:03 +0900
> Subject: [PATCH] lxc: fix for ns cgroups subsystem
> 
> lxc does not work if ns cgroups subsystem is enabled because
> of two factors; one is that ns has a special rule to create
> a group[*] unlike other subsystems and the other is lxc
> controller creates a new namespace for /dev/pts prior to
> create a new group for a domain. Unfortunately the new
> namespace breaks the rule of ns and that prevents a lxc
> controller from creating a new group.
> 
> This patch addresses the problem by creating a new group
> before creating a new namespace (i.e. call unshare syscall).
> 
> Note that this patch is only for the case ns is enabled and
> current code works well if it disabled. However, I think
> this patch makes sense because not just a few users know
> much about cgroups and likely to enable all of subsystems
> without notions (i.e. mount cgroups without any options).
> 
> [*] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/ns_cgroup.c;hb=HEAD
> ---
>  src/lxc_controller.c |    6 +++---
>  1 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/src/lxc_controller.c b/src/lxc_controller.c
> index e0fb05d..1231817 100644
> --- a/src/lxc_controller.c
> +++ b/src/lxc_controller.c
> @@ -458,6 +458,9 @@ lxcControllerRun(virDomainDefPtr def,
>          goto cleanup;
>      }
> 
> +    if (lxcSetContainerResources(def) < 0)
> +        goto cleanup;
> +
>      root = virDomainGetRootFilesystem(def);
> 
>      /*
> @@ -543,9 +546,6 @@ lxcControllerRun(virDomainDefPtr def,
>      }
> 
> 
> -    if (lxcSetContainerResources(def) < 0)
> -        goto cleanup;
> -
>      if ((container = lxcContainerStart(def,
>                                         nveths,
>                                         veths,
> -- 
> 1.6.0.6
> 
> --
> Libvir-list mailing list
> Libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

More information about the libvir-list mailing list