Speaking of this, I've been using the (similar) hooks from here to get systemd working inside containers:
https://lists.linuxcontainers.org/pipermail/lxc-users/2014-May/007069.html

Is there any more official / recommended way of doing this yet? Otherwise lxc-start hangs at:

'Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied'

On Thu, Jul 17, 2014 at 6:30 PM, Stéphane Graber <[email protected]> wrote:

> On Thu, Jul 17, 2014 at 10:21:31PM +0000, Serge Hallyn wrote:
> > Quoting Stéphane Graber ([email protected]):
> > > On Thu, Jul 17, 2014 at 02:08:59PM +0000, Serge Hallyn wrote:
> > > > That mount hook predates the lxc.mount.auto = cgroup option. So mention
> > > > that instead.
> > > >
> > > > Perhaps we should simply drop the mountcgroup hook from the tree, but
> > > > I'm not doing that in this patch.
> > > >
> > > > (This addresses https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1342960)
> > > >
> > > > Signed-off-by: Serge Hallyn <[email protected]>
> > >
> > > Acked-by: Stéphane Graber <[email protected]>
> > >
> > > And unless someone strongly feels otherwise, I'd +1 the removal of the
> > > hook from the tree too.
> >
> > Ok, let's do it then:
> >
> >
> > Subject: [PATCH 1/1] remove mountcgroup hook entirely
> >
> > Also fix the comment in lxc-cirros template (which I overlooked last time).
> >
> > Signed-off-by: Serge Hallyn <[email protected]>
>
> Acked-by: Stéphane Graber <[email protected]>
>
> > --- > > hooks/Makefile.am | 1 - > > hooks/mountcgroups | 69 > ------------------------------------------------- > > templates/lxc-cirros.in | 2 +- > > 3 files changed, 1 insertion(+), 71 deletions(-) > > delete mode 100755 hooks/mountcgroups > > > > diff --git a/hooks/Makefile.am b/hooks/Makefile.am > > index 64bb26b..be55601 100644 > > --- a/hooks/Makefile.am > > +++ b/hooks/Makefile.am > > @@ -2,7 +2,6 @@ hooksdir=@LXCHOOKDIR@ > > > > hooks_SCRIPTS = \ > > clonehostname \ > > - mountcgroups \ > > mountecryptfsroot \ > > ubuntu-cloud-prep \ > > squid-deb-proxy-client 
> > diff --git a/hooks/mountcgroups b/hooks/mountcgroups > > deleted file mode 100755 > > index 073929c..0000000 > > --- a/hooks/mountcgroups > > +++ /dev/null 
> > @@ -1,69 +0,0 @@ > > -#!/bin/bash > > - > > -# (C) Copyright Canonical 2011,2012 > > - > > -# This library is free software; you can redistribute it and/or > > -# modify it under the terms of the GNU Lesser General Public > > -# License as published by the Free Software Foundation; either > > -# version 2.1 of the License, or (at your option) any later version. > > - > > -# This library is distributed in the hope that it will be useful, > > -# but WITHOUT ANY WARRANTY; without even the implied warranty of > > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > > -# Lesser General Public License for more details. > > - > > -# You should have received a copy of the GNU Lesser General Public > > -# License along with this library; if not, write to the Free Software > > -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA > 02110-1301 USA > > - > > -# > > -# This is an example hook to mount all mounted cgroups in the > > -# container. Only the container's own cgroup (not parents) will be > > -# accessible to the container. You can enable this by adding > > -# lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups > > -# to your container's configuration file. > > - > > -set -e > > - > > -c=$1 > > -configfile=$LXC_CONFIG_FILE > > -d=/sys/fs/cgroup > > -d2=$LXC_ROOTFS_MOUNT/${d} > > -# name lxc hook lxcpath > > -lxcpath=$4 > > -if [ ! -d "$d" ]; then > > - exit 0 > > -fi > > - > > -mount -n -t tmpfs tmpfs ${d2} > > - > > -do_devices_setup() { > > - local devdir="$1" > > - local c="$2" > > - local line > > - local w # which (allow or deny) > > - local v # value > > - # lxc.include provides common configuration options > > - local commonconfigfile=$(egrep "^lxc.include[ \t]*=" ${configfile} > | awk -F= '{ print $2 }') > > - cat ${configfile} ${commonconfigfile} | egrep > "^lxc.cgroup.devices.(allow|deny)[ \t]*=" | while read line; do > > - w=`echo $line | awk -F. 
'{ print $4 }' | awk '{ print $1 }'` > > - v=`echo $line | awk -F= '{ print $2 }'` > > - echo "$v" >> "$devdir"/devices.$w > > - done > > -} > > - > > -# XXX TODO - we'll need to account for other cgroup groups beside 'lxc', > > -# i.e. 'build' or 'users/joe'. > > -for dir in `/bin/ls $d`; do > > - if [ "$dir" = "devices" ]; then > > - devicesdir="${d}/${dir}/lxc/${c}" > > - mkdir -p "$devicesdir" > > - # set the devices cgroup perms now - we can't change from > blacklist to > > - # whitelist, or add perms, once we have children. > > - do_devices_setup "$devicesdir" "${c}" > > - fi > > - mkdir -p "${d}/${dir}/lxc/${c}/${c}.real" > > - echo 1 > "${d}/${dir}/lxc/${c}/${c}.real/tasks" > > - mkdir -p ${d2}/${dir} > > - mount -n --bind "${d}/${dir}/lxc/${c}/${c}.real" "${d2}/${dir}" > > -done > > diff --git a/templates/lxc-cirros.in b/templates/lxc-cirros.in > > index 986b2b1..24b9210 100644 > > --- a/templates/lxc-cirros.in > > +++ b/templates/lxc-cirros.in > > @@ -121,7 +121,7 @@ lxc.cap.drop = sys_module mac_admin mac_override > sys_time > > #lxc.aa_profile = unconfined > > # To support container nesting on an Ubuntu host, uncomment next two > lines: > > #lxc.aa_profile = lxc-container-default-with-nesting > > -#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups > > +#lxc.mount.auto = cgroup > > > > lxc.cgroup.devices.deny = a > > # Allow any mknod (but not using the node) > > -- > > 1.9.1 > > > > _______________________________________________ > > lxc-devel mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel > >
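Review bot: In the hooks/Makefile.am hunk, dropping `mountcgroups` from `hooks_SCRIPTS` means the script is no longer installed, yet the removed hook's own header told users to add `lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups` to their container configuration. Configurations written from that advice will reference a path that no longer exists after an upgrade. The commit message should say so and name `lxc.mount.auto = cgroup` as the replacement, so packagers and users know what to change.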
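Review bot: In the hooks/mountcgroups deletion, the removed script did more than mount: `do_devices_setup` wrote each `lxc.cgroup.devices.(allow|deny)` entry into the devices cgroup before any children existed, and the loop created a `${c}.real` child cgroup and bind-mounted only that directory into the container, so that, per its header, "Only the container's own cgroup (not parents) will be accessible". The commit message does not state that `lxc.mount.auto = cgroup` gives the same confinement. Please add a sentence confirming that, or list what differs, so the removal can be reviewed as behaviour-preserving.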
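Review bot: In the templates/lxc-cirros.in hunk, the new line `#lxc.mount.auto = cgroup` uses the bare `cgroup` value, which leaves the read/write mode of the mounted hierarchy implicit for anyone who uncomments it to enable nesting. Consider spelling out the intended variant (for example `cgroup:mixed`) or adding a comment line saying what access the container gets, since the line sits directly above `lxc.cgroup.devices.deny = a` and readers will weigh the two settings together.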
