Quoting S.Çağlar Onur (cag...@10ur.org):
> Hi,
>
> On Mon, Dec 9, 2013 at 4:44 PM, Stéphane Graber <stgra...@ubuntu.com> wrote:
> > On Mon, Dec 09, 2013 at 04:29:11PM -0500, S.Çağlar Onur wrote:
> >> [Forwarding to new lxc-devel as I replied to old sf list]
> >>
> >>
> >> ---------- Forwarded message ----------
> >> From: S.Çağlar Onur <cag...@10ur.org>
> >> Date: Mon, Dec 9, 2013 at 4:26 PM
> >> Subject: Re: [lxc-devel] [PATCH] add comments about running unconfined
> >> or nesting containers back to ubuntu.common.conf
> >> To: Stéphane Graber <stgra...@ubuntu.com>
> >> Cc: lxc-de...@lists.sourceforge.net
> >>
> >>
> >> Hi Stéphane,
> >>
> >> On Mon, Dec 9, 2013 at 3:04 PM, Stéphane Graber <stgra...@ubuntu.com>
> >> wrote:
> >> > On Sat, Dec 07, 2013 at 06:04:10PM -0500, S.Çağlar Onur wrote:
> >> >> Signed-off-by: S.Çağlar Onur <cag...@10ur.org>
> >> >
> >> > I'll reword the comment a bit to let them know to copy/paste the comment
> >> > to the container's config instead of changing it in the common file
> >> > which would get overwritten on upgrade and would also affect all
> >> > containers.
> >>
> >> Thanks for doing that.
> >>
> >> On a separate note, it looks like /usr/share/lxc/hooks/mountcgroups
> >> hook seems to have some issues (but couldn't find some time to debug
> >> further). I migrated my nested containers to the new style config
> >> (that's how I realized those comments are gone :P) but now the first
> >> start is always failing with "lxc-start: command get_cgroup failed to
> >> receive response" error and one after just works.
> >
> > Yeah, I've noticed that too... it seems to be related to the way LXC
> > sets up its cgroups. I believe I mentioned some issues like that to
> > Serge a while back but it's not very high on the todo since our goal is
> > to instead have LXC use the new cgroup manager and deprecate that hook
> > entirely by the time 1.0 is out.
>
> Oh I wasn't aware of you planning to finish cgmanager before 1.0,
> that's great news!

Currently create, chown, getvalue, getpidcgroup, and movepid work, on host
and in user namespaces. I'll implement setvalue today. I need to write
a proxy to send scm creds for unprivileged users in non-init pidns. Then
I'll need to think on whether to keep the current get/setvalue behavior -
which accept the filename and values directly - or put in a slight
abstraction (i.e. 'memory limit:x'). Then we're ready to start testing
lxc against it.

In the meantime, if you see the problem with the existing cgroup code,
a patch is of course very welcome :)

thanks,
-serge