Hi Serge, On Tue, Dec 10, 2013 at 2:41 PM, Serge Hallyn <serge.hal...@ubuntu.com> wrote: > Quoting S.Çağlar Onur (cag...@10ur.org): >> Hi, >> >> On Mon, Dec 9, 2013 at 4:44 PM, Stéphane Graber <stgra...@ubuntu.com> wrote: >> > On Mon, Dec 09, 2013 at 04:29:11PM -0500, S.Çağlar Onur wrote: >> >> [Forwarding to new lxc-devel as I replied to old sf list] >> >> >> >> >> >> ---------- Forwarded message ---------- >> >> From: S.Çağlar Onur <cag...@10ur.org> >> >> Date: Mon, Dec 9, 2013 at 4:26 PM >> >> Subject: Re: [lxc-devel] [PATCH] add comments about running unconfined >> >> or nesting containers back to ubuntu.common.conf >> >> To: Stéphane Graber <stgra...@ubuntu.com> >> >> Cc: lxc-de...@lists.sourceforge.net >> >> >> >> >> >> Hi Stéphane, >> >> >> >> On Mon, Dec 9, 2013 at 3:04 PM, Stéphane Graber <stgra...@ubuntu.com> >> >> wrote: >> >> > On Sat, Dec 07, 2013 at 06:04:10PM -0500, S.Çağlar Onur wrote: >> >> >> Signed-off-by: S.Çağlar Onur <cag...@10ur.org> >> >> > >> >> > I'll reword the comment a bit to let them know to copy/paste the comment >> >> > to the container's config instead of changing it in the common file >> >> > which would get overwritten on upgrade and would also affect all >> >> > containers. >> >> >> >> Thanks for doing that. >> >> >> >> On a separate note, it looks like /usr/share/lxc/hooks/mountcgroups >> >> hook seems to have some issues (but couldn't find some time to debug >> >> further). I migrated my nested containers to the new style config >> >> (that's how I realized those comments are gone :P) but now the first >> >> start is always failing with "lxc-start: command get_cgroup failed to >> >> receive response" error and one after just works. >> > >> > Yeah, I've noticed that too... it seems to be related to the way LXC >> > sets up its cgroups. I believe I mentioned some issues like that to >> > Serge a while back but it's not very high on the todo since our goal is >> > to instead have LXC use the new cgroup manager and deprecate that hook >> > entirely by the time 1.0 is out. >> >> Oh I wasn't aware of you planning to finish cgmanager before 1.0, >> that's great news! > > Currently create, chown, getvalue, gitpidcgroup, and movepid work, on > host and in user namespaces. I'll implement setvalue today. I need to > write a proxy to send scm creds for unprivileged users in non-init > pidns. Then I'll need to think on whether to keep the current > get/setvalue behavior - which accept the filename and values directly - > or put in a slight abstraction (i.e. 'memory limit:x'). > > Then we're ready to start testing lxc against it.
That is really exciting news. > In the meantime, if you see the problem with the existing cgroup code, a > patch is of course very welcome :) Will try to do that as soon as I find some free time to work on it :) > thanks, > -serge > _______________________________________________ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel Best, -- S.Çağlar Onur <cag...@10ur.org> _______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
