[libvirt] [RFC][PATCH] lxc: fix for ns cgroups subsystem

Ryota Ozaki ozaki.ryota at gmail.com
Fri May 8 06:45:02 UTC 2009


Hi Serge,

On Fri, May 8, 2009 at 11:48 AM, Serge E. Hallyn <serue at us.ibm.com> wrote:
> IIUC, the real problem is that src/cgroup.c assumes that the
> cgroup name should be $CGROUP_MOUNTPOINT/groupname.  But of
> course if the ns cgroup is enabled, then the unshare(CLONE_NEWNS)
> to create a new namespace in which to mount the new devpts
> locks the driver under $CGROUP_MOUNTPOINT/<pid_of_driver>/
> or somesuch.
>
> If this fixes the problem I have no objections, but it seems
> more fragile than perhaps trying to teach src/cgroup.c to
> consider it's current cgroup as a starting point.

hmm, I don't know why the assumption is bad and how the approach
you are suggesting helps the ns problem.

Thanks,
  ozaki-r

>
> -serge
>
> Quoting Ryota Ozaki (ozaki.ryota at gmail.com):
>> >From 46531182708dc3eb132b14ce2f23fbc639430176 Mon Sep 17 00:00:00 2001
>> From: Ryota Ozaki <ozaki.ryota at gmail.com>
>> Date: Fri, 8 May 2009 05:31:03 +0900
>> Subject: [PATCH] lxc: fix for ns cgroups subsystem
>>
>> lxc does not work if ns cgroups subsystem is enabled because
>> of two factors; one is that ns has a special rule to create
>> a group[*] unlike other subsystems and the other is lxc
>> controller creates a new namespace for /dev/pts prior to
>> create a new group for a domain. Unfortunately the new
>> namespace breaks the rule of ns and that prevents a lxc
>> controller from creating a new group.
>>
>> This patch addresses the problem by creating a new group
>> before creating a new namespace (i.e. call unshare syscall).
>>
>> Note that this patch is only for the case ns is enabled and
>> current code works well if it disabled. However, I think
>> this patch makes sense because not just a few users know
>> much about cgroups and likely to enable all of subsystems
>> without notions (i.e. mount cgroups without any options).
>>
>> [*] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/ns_cgroup.c;hb=HEAD
>> ---
>>  src/lxc_controller.c |    6 +++---
>>  1 files changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/src/lxc_controller.c b/src/lxc_controller.c
>> index e0fb05d..1231817 100644
>> --- a/src/lxc_controller.c
>> +++ b/src/lxc_controller.c
>> @@ -458,6 +458,9 @@ lxcControllerRun(virDomainDefPtr def,
>>          goto cleanup;
>>      }
>>
>> +    if (lxcSetContainerResources(def) < 0)
>> +        goto cleanup;
>> +
>>      root = virDomainGetRootFilesystem(def);
>>
>>      /*
>> @@ -543,9 +546,6 @@ lxcControllerRun(virDomainDefPtr def,
>>      }
>>
>>
>> -    if (lxcSetContainerResources(def) < 0)
>> -        goto cleanup;
>> -
>>      if ((container = lxcContainerStart(def,
>>                                         nveths,
>>                                         veths,
>> --
>> 1.6.0.6
>>
>> --
>> Libvir-list mailing list
>> Libvir-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/libvir-list
>




More information about the libvir-list mailing list