On Thu, Jul 17, 2014 at 10:21:31PM +0000, Serge Hallyn wrote: > Quoting Stéphane Graber ([email protected]): > > On Thu, Jul 17, 2014 at 02:08:59PM +0000, Serge Hallyn wrote: > > > That mount hook predates the lxc.mount.auto = cgroup option. So mention > > > that instead. > > > > > > Perhaps we should simply drop the mountcgroup hook from the tree, but > > > I'm not doing that in this patch. > > > > > > (This addresses > > > https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1342960) > > > > > > Signed-off-by: Serge Hallyn <[email protected]> > > > > Acked-by: Stéphane Graber <[email protected]> > > > > And unless someone strongly feels otherwise, I'd +1 the removal of the > > hook from the tree too. > > Ok, let's do it then: > > > Subject: [PATCH 1/1] remove mountcgroup hook entirely > > Also fix the comment in lxc-cirros template (which I overlooked last time). > > Signed-off-by: Serge Hallyn <[email protected]>
Acked-by: Stéphane Graber <[email protected]> > --- > hooks/Makefile.am | 1 - > hooks/mountcgroups | 69 > ------------------------------------------------- > templates/lxc-cirros.in | 2 +- > 3 files changed, 1 insertion(+), 71 deletions(-) > delete mode 100755 hooks/mountcgroups > > diff --git a/hooks/Makefile.am b/hooks/Makefile.am > index 64bb26b..be55601 100644 > --- a/hooks/Makefile.am > +++ b/hooks/Makefile.am > @@ -2,7 +2,6 @@ hooksdir=@LXCHOOKDIR@ > > hooks_SCRIPTS = \ > clonehostname \ > - mountcgroups \ > mountecryptfsroot \ > ubuntu-cloud-prep \ > squid-deb-proxy-client > diff --git a/hooks/mountcgroups b/hooks/mountcgroups > deleted file mode 100755 > index 073929c..0000000 > --- a/hooks/mountcgroups > +++ /dev/null 
> @@ -1,69 +0,0 @@ > -#!/bin/bash > - > -# (C) Copyright Canonical 2011,2012 > - > -# This library is free software; you can redistribute it and/or > -# modify it under the terms of the GNU Lesser General Public > -# License as published by the Free Software Foundation; either > -# version 2.1 of the License, or (at your option) any later version. > - > -# This library is distributed in the hope that it will be useful, > -# but WITHOUT ANY WARRANTY; without even the implied warranty of > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > -# Lesser General Public License for more details. > - > -# You should have received a copy of the GNU Lesser General Public > -# License along with this library; if not, write to the Free Software > -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 > USA > - > -# > -# This is an example hook to mount all mounted cgroups in the > -# container. Only the container's own cgroup (not parents) will be > -# accessible to the container. You can enable this by adding > -# lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups > -# to your container's configuration file. > - > -set -e > - > -c=$1 > -configfile=$LXC_CONFIG_FILE > -d=/sys/fs/cgroup > -d2=$LXC_ROOTFS_MOUNT/${d} > -# name lxc hook lxcpath > -lxcpath=$4 > -if [ ! -d "$d" ]; then > - exit 0 > -fi > - > -mount -n -t tmpfs tmpfs ${d2} > - > -do_devices_setup() { > - local devdir="$1" > - local c="$2" > - local line > - local w # which (allow or deny) > - local v # value > - # lxc.include provides common configuration options > - local commonconfigfile=$(egrep "^lxc.include[ \t]*=" ${configfile} | awk > -F= '{ print $2 }') > - cat ${configfile} ${commonconfigfile} | egrep > "^lxc.cgroup.devices.(allow|deny)[ \t]*=" | while read line; do > - w=`echo $line | awk -F. 
'{ print $4 }' | awk '{ print $1 }'` > - v=`echo $line | awk -F= '{ print $2 }'` > - echo "$v" >> "$devdir"/devices.$w > - done > -} > - > -# XXX TODO - we'll need to account for other cgroup groups beside 'lxc', > -# i.e. 'build' or 'users/joe'. > -for dir in `/bin/ls $d`; do > - if [ "$dir" = "devices" ]; then > - devicesdir="${d}/${dir}/lxc/${c}" > - mkdir -p "$devicesdir" > - # set the devices cgroup perms now - we can't change from blacklist > to > - # whitelist, or add perms, once we have children. > - do_devices_setup "$devicesdir" "${c}" > - fi > - mkdir -p "${d}/${dir}/lxc/${c}/${c}.real" > - echo 1 > "${d}/${dir}/lxc/${c}/${c}.real/tasks" > - mkdir -p ${d2}/${dir} > - mount -n --bind "${d}/${dir}/lxc/${c}/${c}.real" "${d2}/${dir}" > -done > diff --git a/templates/lxc-cirros.in b/templates/lxc-cirros.in > index 986b2b1..24b9210 100644 > --- a/templates/lxc-cirros.in > +++ b/templates/lxc-cirros.in > @@ -121,7 +121,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time > #lxc.aa_profile = unconfined > # To support container nesting on an Ubuntu host, uncomment next two lines: > #lxc.aa_profile = lxc-container-default-with-nesting > -#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups > +#lxc.mount.auto = cgroup > > lxc.cgroup.devices.deny = a > # Allow any mknod (but not using the node) > -- > 1.9.1 > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
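Review bot: The replacement line `#lxc.mount.auto = cgroup` in templates/lxc-cirros.in leaves the cgroup mount mode to LXC's default instead of naming it. The removed hook documented that only the container's own cgroup, not its parents, would be accessible, and that guarantee is no longer stated anywhere in the template. Because the visible `lxc.cap.drop` line does not drop `sys_admin`, and the meaning of a bare `cgroup` may vary between LXC versions (worth confirming against the lxc.container.conf man page for the targeted release), I would spell the mode out as `#lxc.mount.auto = cgroup:mixed`. A short comment above it, such as `# own cgroup writable, parent hierarchy read-only`, would tell users who uncomment it for nesting what they are granting. The config block this line sits in starts and ends outside the hunk.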
