[libvirt] [PATCH 2/2] LXC: rework mounting cgroupfs in container
Daniel P. Berrange
berrange at redhat.com
Fri Apr 5 11:29:18 UTC 2013
On Fri, Apr 05, 2013 at 10:16:43AM +0800, Gao feng wrote:
> On 2013/03/27 13:26, Gao feng wrote:
> > On 2013/03/20 16:14, Gao feng wrote:
> >> There are 3 reason we need to rework the cgroupfs
> >> mounting in container.
> >>
> >> 1, Yin Olivia reported a "failed to mount cgroup"
> >> problem, now we given that the name of cgroup mount point
> >> is same with the subsystem type, Or libvirt_lxc
> >> will fail to start.
> >>
> >> 2, The cgroup configuration is leaked to the container,
> >> even user can change host's cgroup configuration in
> >> container.
> >>
> >> 3, After we enable userns, the cgroupfs is unable to be
> >> mounted in uninit-userns.
> >>
> >> This patch tries to resolve these 3 problem,
> >> uses mount --bind to set cgroupfs for container.
> >>
> >> It means the directory /sys/fs/cgroup/memory/libvirt/lxc/domain
> >> of host will be binded to the directory /sys/fs/cgroup/memory of
> >> container.
> >>
> >
> > what's your idea about this patch?
> >
>
> Ping Again
The pach has the right idea, but it clashes with the refactoring I've
done for cgroups and LXC. I'll update your patch to apply ontop of this
series:
https://www.redhat.com/archives/libvir-list/2013-April/msg00352.html
and copy you on the mail when i post it.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list