On 2/5/21 4:27 AM, Michal Koutný wrote:
Hello Tom.
On Wed, Feb 03, 2021 at 03:56:37PM -0700, Tom Hromatka
<tom.hroma...@oracle.com> wrote:
These changes are in preparation for adding tests for
cgrulesengd. It currently does not run within a
container.
What is the issue? Is it related to cgroup namespaces,
NETLINK_CONNECTOR/CN_IDX_PROC API or anything else?
Good question. I should have added more details.
I can't find an easy workaround for the netlink socket. In another
forum, Stephane posted this possible workaround [1], but no
matter what I tried, I couldn't get the permissions straightened
out to successfully run setns within the container.
[1]
https://discuss.linuxcontainers.org/t/can-application-in-lxc-listen-to-the-netlink-message-from-the-host-kernel/1442
(I understand that the no-container mode, uses whole system as
test-ground is therefore meant to be run in throwaway VMs, right?)
Yes, exactly! I believe the tests are safe and clean up properly,
but they really should be run in a throwaway VM. I can't guarantee
that they won't harm someone's existing cgroup hierarchy.
Thanks.
Tom
Thanks,
Michal
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
