[libvirt] [PATCH 2/2] LXC: rework mounting cgroupfs in container
Gao feng
gaofeng at cn.fujitsu.com
Mon Apr 8 07:36:54 UTC 2013
On 2013/04/05 19:29, Daniel P. Berrange wrote:
> On Fri, Apr 05, 2013 at 10:16:43AM +0800, Gao feng wrote:
>> On 2013/03/27 13:26, Gao feng wrote:
>>> On 2013/03/20 16:14, Gao feng wrote:
>>>> There are 3 reason we need to rework the cgroupfs
>>>> mounting in container.
>>>>
>>>> 1, Yin Olivia reported a "failed to mount cgroup"
>>>> problem, now we given that the name of cgroup mount point
>>>> is same with the subsystem type, Or libvirt_lxc
>>>> will fail to start.
>>>>
>>>> 2, The cgroup configuration is leaked to the container,
>>>> even user can change host's cgroup configuration in
>>>> container.
>>>>
>>>> 3, After we enable userns, the cgroupfs is unable to be
>>>> mounted in uninit-userns.
>>>>
>>>> This patch tries to resolve these 3 problem,
>>>> uses mount --bind to set cgroupfs for container.
>>>>
>>>> It means the directory /sys/fs/cgroup/memory/libvirt/lxc/domain
>>>> of host will be binded to the directory /sys/fs/cgroup/memory of
>>>> container.
>>>>
>>>
>>> what's your idea about this patch?
>>>
>>
>> Ping Again
>
> The pach has the right idea, but it clashes with the refactoring I've
> done for cgroups and LXC. I'll update your patch to apply ontop of this
> series:
>
> https://www.redhat.com/archives/libvir-list/2013-April/msg00352.html
>
> and copy you on the mail when i post it.
>
Ok,I will wait for your upgrade, Thanks for your work.
Gao
More information about the libvir-list
mailing list