[libvirt] [PATCH 2/3] Misc fixes for LXC cgroups setup
Daniel Veillard
veillard at redhat.com
Fri Mar 5 13:30:46 UTC 2010
On Thu, Mar 04, 2010 at 11:27:18AM +0000, Daniel P. Berrange wrote:
> When using the 'ns' cgroup controller, the moment a process calls
> 'unshare(CLONE_NEWNS)', it will be given a private cgroup tree
> under its current location. This really messages up the LXC
> controller process, because it ends up creating the containers'
> cgroup in the wrong place. The fix is fairly easy, just move
> the cgroup setup before the code which calls unshare(). The
> 'ns' controller will still create extra undesired cgroups, but
> they at least won't break libvirt's setup now.
>
> The patch also adds a missing cgroups allow rule for /dev/tty
> device node
> ---
> src/lxc/lxc_container.h | 1 +
> src/lxc/lxc_controller.c | 9 +++++----
> 2 files changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/src/lxc/lxc_container.h b/src/lxc/lxc_container.h
> index a1dd5a1..9e15642 100644
> --- a/src/lxc/lxc_container.h
> +++ b/src/lxc/lxc_container.h
> @@ -39,6 +39,7 @@ enum {
> #define LXC_DEV_MIN_URANDOM 9
>
> #define LXC_DEV_MAJ_TTY 5
> +#define LXC_DEV_MIN_TTY 0
> #define LXC_DEV_MIN_CONSOLE 1
> #define LXC_DEV_MIN_PTMX 2
>
> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
> index 95970cc..525c6cb 100644
> --- a/src/lxc/lxc_controller.c
> +++ b/src/lxc/lxc_controller.c
> @@ -78,6 +78,7 @@ static int lxcSetContainerResources(virDomainDefPtr def)
> {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL},
> {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
> {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
> + {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
> {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE},
> {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
> {0, 0, 0}};
> @@ -301,7 +302,7 @@ static int lxcControllerMain(int monitor,
> fdArray[0].active = 0;
> fdArray[1].fd = contPty;
> fdArray[1].active = 0;
> -
> + VIR_ERROR("monitor=%d client=%d appPty=%d contPty=%d", monitor,client, appPty, contPty);
> /* create the epoll fild descriptor */
> epollFd = epoll_create(2);
> if (0 > epollFd) {
> @@ -516,6 +517,9 @@ lxcControllerRun(virDomainDefPtr def,
>
> root = virDomainGetRootFilesystem(def);
>
> + if (lxcSetContainerResources(def) < 0)
> + goto cleanup;
> +
> /*
> * If doing a chroot style setup, we need to prepare
> * a private /dev/pts for the child now, which they
> @@ -599,9 +603,6 @@ lxcControllerRun(virDomainDefPtr def,
> }
>
>
> - if (lxcSetContainerResources(def) < 0)
> - goto cleanup;
> -
> if ((container = lxcContainerStart(def,
> nveths,
> veths,
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
More information about the libvir-list
mailing list