[libvirt] A bug where libvirt lxc can't destroy all container processes.

曹远志 caoyuanzhi at kylinos.cn
Tue Aug 8 02:40:05 UTC 2017

Hello all, 
This is my first mail to this list, so let me introduce myself. My name is Yuanzhi Cao, and I work in the oVirt team. Currently we are using libvirt lxc at large scale and have found that libvirt can't destroy container processes normally.


 System: zesty
 libvirt version: 2.5.0-3ubuntu5
 vm rootfs release: ubuntu:16.04
 1. Run command "virsh -c lxc:// start vm"; the release of the vm is xenial.
 2. Run command "ps aux|grep init"; you will find the pid of the init launched by the vm.
 3. Run command "virsh -c lxc:// destroy vm".
 4. Run command "virsh -c lxc:// list --all" and "ps aux|grep init"; you will find that the vm is shut off, but the init process launched by the vm is still running.
In fact I have found the cause of this bug: there is a patch after 1.3.1 that introduced it.
 Commit: dc576025c360a1d2c89da410d0f3f0da55d0143f [dc57602]
 Parents: 511e7c5bba
 Author: Daniel P. Berrange <berrange at redhat.com>
 Date: January 23, 2016, 12:07:18 AM GMT+8
 Commit Date: January 27, 2016, 12:11:32 AM GMT+8
 lxc: don't try to hide parent cgroups inside container
Cgroups inside the container don't hide the parent, so a process in the container can change its own cgroup to another cgroup.
 lxc destroys processes by reading the cgroup tasks file; if a process changes its own cgroup, lxc can't destroy the container processes normally.
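
One way to check for the condition described above, as an added example that is not part of the original mail or of libvirt's code: list the processes that share the container's PID namespace but sit outside the container cgroup for at least one controller. It assumes the container runs in its own PID namespace; the function names are hypothetical, and the cgroup path, PIDs and namespace ids in the sample are constructed.

```python
import os

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup text into {controller_list: cgroup_path}."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # hierarchy-id:controllers:path
        if len(parts) == 3:
            out[parts[1]] = parts[2]
    return out

def inside(path, prefix):
    """True if path is the container cgroup itself or one of its descendants."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def outside_container_cgroup(procs, pidns, prefix):
    """Return [(pid, [controllers])] for processes in the container's PID
    namespace that have at least one controller outside the container cgroup.
    procs maps pid -> (pid namespace id, /proc/<pid>/cgroup text)."""
    found = []
    for pid, (ns, text) in sorted(procs.items()):
        if ns != pidns:
            continue  # not a container process
        stray = sorted(c for c, p in parse_cgroup(text).items() if not inside(p, prefix))
        if stray:
            found.append((pid, stray))
    return found

def snapshot_proc(root="/proc"):
    """Read namespace id and cgroup membership of every visible process."""
    procs = {}
    for name in filter(str.isdigit, os.listdir(root)):
        try:
            ns = os.readlink(f"{root}/{name}/ns/pid")  # e.g. "pid:[4026532456]"
            with open(f"{root}/{name}/cgroup") as fh:
                procs[int(name)] = (ns, fh.read())
        except OSError:
            continue  # process exited, or no permission to inspect it
    return procs

# Constructed sample: cgroup path, PIDs and namespace ids are made up.
CT = "/machine/vm.libvirt-lxc"
SAMPLE = {
    1200: ("pid:[4026532456]", f"4:memory:{CT}\n3:cpu,cpuacct:{CT}\n"),
    1250: ("pid:[4026532456]", f"4:memory:/\n3:cpu,cpuacct:{CT}/child\n"),
    1300: ("pid:[4026531836]", "4:memory:/user.slice\n3:cpu,cpuacct:/user.slice\n"),
}

if __name__ == "__main__":
    print(outside_container_cgroup(SAMPLE, "pid:[4026532456]", CT))
```

On a live host, pass `snapshot_proc()` as `procs`, with the namespace id taken from the container init's `/proc/<pid>/ns/pid` link while the container is running.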