Hi, My guess is no, but mwarfield will be the best person to address this (when he returns).
-serge Quoting Jesse Tane ([email protected]): > Speaking of this, I've been using the (similar) hooks from here to get > systemd working inside containers: > > https://lists.linuxcontainers.org/pipermail/lxc-users/2014-May/007069.html > > is there any more official / recommended way of doing this yet? Otherwise > lxc-start hangs at: 'Failed to mount cgroup at /sys/fs/cgroup/systemd: > Permission denied' > > > On Thu, Jul 17, 2014 at 6:30 PM, Stéphane Graber <[email protected]> > wrote: > > > On Thu, Jul 17, 2014 at 10:21:31PM +0000, Serge Hallyn wrote: > > > Quoting Stéphane Graber ([email protected]): > > > > On Thu, Jul 17, 2014 at 02:08:59PM +0000, Serge Hallyn wrote: > > > > > That mount hook predates the lxc.mount.auto = cgroup option. So > > mention > > > > > that instead. > > > > > > > > > > Perhaps we should simply drop the mountcgroup hook from the tree, but > > > > > I'm not doing that in this patch. > > > > > > > > > > (This addresses > > https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1342960) > > > > > > > > > > Signed-off-by: Serge Hallyn <[email protected]> > > > > > > > > Acked-by: Stéphane Graber <[email protected]> > > > > > > > > And unless someone strongly feels otherwise, I'd +1 the removal of the > > > > hook from the tree too. > > > > > > Ok, let's do it then: > > > > > > > > > Subject: [PATCH 1/1] remove mountcgroup hook entirely > > > > > > Also fix the comment in lxc-cirros template (which I overlooked last > > time). > > > > > > Signed-off-by: Serge Hallyn <[email protected]> > > > > Acked-by: Stéphane Graber <[email protected]> > > > > > --- > > > hooks/Makefile.am | 1 - > > > hooks/mountcgroups | 69 > > ------------------------------------------------- > > > templates/lxc-cirros.in | 2 +- > > > 3 files changed, 1 insertion(+), 71 deletions(-) > > > delete mode 100755 hooks/mountcgroups > > > > > > diff --git a/hooks/Makefile.am b/hooks/Makefile.am > > > index 64bb26b..be55601 100644 > > > --- a/hooks/Makefile.am > > > +++ b/hooks/Makefile.am > > > @@ -2,7 +2,6 @@ hooksdir=@LXCHOOKDIR@ > > > > > > hooks_SCRIPTS = \ > > > clonehostname \ > > > - mountcgroups \ > > > mountecryptfsroot \ > > > ubuntu-cloud-prep \ > > > squid-deb-proxy-client > > > diff --git a/hooks/mountcgroups b/hooks/mountcgroups > > > deleted file mode 100755 > > > index 073929c..0000000 > > > --- a/hooks/mountcgroups > > > +++ /dev/null > > > @@ -1,69 +0,0 @@ > > > -#!/bin/bash > > > - > > > -# (C) Copyright Canonical 2011,2012 > > > - > > > -# This library is free software; you can redistribute it and/or > > > -# modify it under the terms of the GNU Lesser General Public > > > -# License as published by the Free Software Foundation; either > > > -# version 2.1 of the License, or (at your option) any later version. > > > - > > > -# This library is distributed in the hope that it will be useful, > > > -# but WITHOUT ANY WARRANTY; without even the implied warranty of > > > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > > > -# Lesser General Public License for more details. > > > - > > > -# You should have received a copy of the GNU Lesser General Public > > > -# License along with this library; if not, write to the Free Software > > > -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA > > 02110-1301 USA > > > - > > > -# > > > -# This is an example hook to mount all mounted cgroups in the > > > -# container. Only the container's own cgroup (not parents) will be > > > -# accessible to the container. You can enable this by adding > > > -# lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups > > > -# to your container's configuration file. > > > - > > > -set -e > > > - > > > -c=$1 > > > -configfile=$LXC_CONFIG_FILE > > > -d=/sys/fs/cgroup > > > -d2=$LXC_ROOTFS_MOUNT/${d} > > > -# name lxc hook lxcpath > > > -lxcpath=$4 > > > -if [ ! -d "$d" ]; then > > > - exit 0 > > > -fi > > > - > > > -mount -n -t tmpfs tmpfs ${d2} > > > - > > > -do_devices_setup() { > > > - local devdir="$1" > > > - local c="$2" > > > - local line > > > - local w # which (allow or deny) > > > - local v # value > > > - # lxc.include provides common configuration options > > > - local commonconfigfile=$(egrep "^lxc.include[ \t]*=" ${configfile} > > | awk -F= '{ print $2 }') > > > - cat ${configfile} ${commonconfigfile} | egrep > > "^lxc.cgroup.devices.(allow|deny)[ \t]*=" | while read line; do > > > - w=`echo $line | awk -F. '{ print $4 }' | awk '{ print $1 }'` > > > - v=`echo $line | awk -F= '{ print $2 }'` > > > - echo "$v" >> "$devdir"/devices.$w > > > - done > > > -} > > > - > > > -# XXX TODO - we'll need to account for other cgroup groups beside 'lxc', > > > -# i.e. 'build' or 'users/joe'. > > > -for dir in `/bin/ls $d`; do > > > - if [ "$dir" = "devices" ]; then > > > - devicesdir="${d}/${dir}/lxc/${c}" > > > - mkdir -p "$devicesdir" > > > - # set the devices cgroup perms now - we can't change from > > blacklist to > > > - # whitelist, or add perms, once we have children. > > > - do_devices_setup "$devicesdir" "${c}" > > > - fi > > > - mkdir -p "${d}/${dir}/lxc/${c}/${c}.real" > > > - echo 1 > "${d}/${dir}/lxc/${c}/${c}.real/tasks" > > > - mkdir -p ${d2}/${dir} > > > - mount -n --bind "${d}/${dir}/lxc/${c}/${c}.real" "${d2}/${dir}" > > > -done > > > diff --git a/templates/lxc-cirros.in b/templates/lxc-cirros.in > > > index 986b2b1..24b9210 100644 > > > --- a/templates/lxc-cirros.in > > > +++ b/templates/lxc-cirros.in > > > @@ -121,7 +121,7 @@ lxc.cap.drop = sys_module mac_admin mac_override > > sys_time > > > #lxc.aa_profile = unconfined > > > # To support container nesting on an Ubuntu host, uncomment next two > > lines: > > > #lxc.aa_profile = lxc-container-default-with-nesting > > > -#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups > > > +#lxc.mount.auto = cgroup > > > > > > lxc.cgroup.devices.deny = a > > > # Allow any mknod (but not using the node) > > > -- > > > 1.9.1 > > > > > > _______________________________________________ > > > lxc-devel mailing list > > > [email protected] > > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > > > -- > > Stéphane Graber > > Ubuntu developer > > http://www.ubuntu.com > > > > _______________________________________________ > > lxc-devel mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > > > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel _______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
