[libvirt] [PATCH 2/3] Misc fixes for LXC cgroups setup

Daniel Veillard veillard at redhat.com
Fri Mar 5 13:30:46 UTC 2010


On Thu, Mar 04, 2010 at 11:27:18AM +0000, Daniel P. Berrange wrote:
> When using the 'ns' cgroup controller, the moment a process calls
> 'unshare(CLONE_NEWNS)', it will be given a private cgroup tree
> under its current location. This really messages up the LXC
> controller process, because it ends up creating the containers'
> cgroup in the wrong place. The fix is fairly easy, just move
> the cgroup setup before the code which calls unshare(). The
> 'ns' controller will still create extra undesired cgroups, but
> they at least won't break libvirt's setup now.
> 
> The patch also adds a missing cgroups allow rule for /dev/tty
> device node
> ---
>  src/lxc/lxc_container.h  |    1 +
>  src/lxc/lxc_controller.c |    9 +++++----
>  2 files changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/src/lxc/lxc_container.h b/src/lxc/lxc_container.h
> index a1dd5a1..9e15642 100644
> --- a/src/lxc/lxc_container.h
> +++ b/src/lxc/lxc_container.h
> @@ -39,6 +39,7 @@ enum {
>  #define LXC_DEV_MIN_URANDOM 9
>  
>  #define LXC_DEV_MAJ_TTY     5
> +#define LXC_DEV_MIN_TTY     0
>  #define LXC_DEV_MIN_CONSOLE 1
>  #define LXC_DEV_MIN_PTMX    2
>  
> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
> index 95970cc..525c6cb 100644
> --- a/src/lxc/lxc_controller.c
> +++ b/src/lxc/lxc_controller.c
> @@ -78,6 +78,7 @@ static int lxcSetContainerResources(virDomainDefPtr def)
>          {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL},
>          {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
>          {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
> +        {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
>          {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE},
>          {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
>          {0,   0, 0}};
> @@ -301,7 +302,7 @@ static int lxcControllerMain(int monitor,
>      fdArray[0].active = 0;
>      fdArray[1].fd = contPty;
>      fdArray[1].active = 0;
> -
> +    VIR_ERROR("monitor=%d client=%d appPty=%d contPty=%d", monitor,client, appPty, contPty);
>      /* create the epoll fild descriptor */
>      epollFd = epoll_create(2);
>      if (0 > epollFd) {
> @@ -516,6 +517,9 @@ lxcControllerRun(virDomainDefPtr def,
>  
>      root = virDomainGetRootFilesystem(def);
>  
> +    if (lxcSetContainerResources(def) < 0)
> +        goto cleanup;
> +
>      /*
>       * If doing a chroot style setup, we need to prepare
>       * a private /dev/pts for the child now, which they
> @@ -599,9 +603,6 @@ lxcControllerRun(virDomainDefPtr def,
>      }
>  
>  
> -    if (lxcSetContainerResources(def) < 0)
> -        goto cleanup;
> -
>      if ((container = lxcContainerStart(def,
>                                         nveths,
>                                         veths,

  ACK,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/




More information about the libvir-list mailing list