Quoting Akshay Karle ([email protected]):
> >
> > > > So this may get fixed with cgroup namespaces,
> >
> > (i.e.
> > https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/log/?h=2015-11-10/cgroupns
> > ,
> > github.com/hallyn/lxcfs #2015-11-10/cgns and github.com/lxc/
> > #2015-11-09/cgns)
> >
>
> This is great! Using this patch would mean that we don't need cgmanager or
> lxcfs, is that correct? Does it already work for unprivileged containers?

lxcfs would still be used for virtualizing some procfiles. You wouldn't
need cgmanager, though I still prefer using it over cgroupfs for most
things :) It does work for unprivileged containers, although the fs flag
to make it so may not immediately hit upstream.

> If so, I can spend some time trying to generate a deb for the branch,
> create an unprivileged container and then try to start up the docker daemon
> inside the container to see the next step where it fails. I need to see if
> the process of generating debs is documented somewhere.
>
> >
> > but of course for backward compatibility that should still be fixed. Which
> > requires choosing a way for docker to decide whether cgroups are in fact
> > mounted.
> >
>
> For the backward compatibility, it would mean changing docker such that it
> can run without checking if the right cgroups are mounted?

Ideally we'd find some other reasonable foolproof way of telling whether
cgroups are actually mounted. Cgmanager would be a lot easier here :)
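
One way to check which cgroup hierarchies are actually mounted, as an added example that is not part of the original message and is neither Docker's nor LXC's code: compare the controllers listed in /proc/self/cgroup with the cgroup mounts visible in /proc/self/mountinfo. The sample file contents and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed samples for one process: four hierarchies listed, two mounted.
const sampleMountinfo = `30 29 0:26 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
31 29 0:27 / /sys/fs/cgroup/cpu,cpuacct rw,relatime - cgroup cgroup rw,cpu,cpuacct
40 28 0:35 / /proc/cpuinfo rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,allow_other`
const sampleCgroup = `4:memory:/lxc/c1
3:cpu,cpuacct:/lxc/c1
2:devices:/lxc/c1
1:name=systemd:/lxc/c1`

// mountedControllers maps each super option of a cgroup v1 mount to its mount point.
func mountedControllers(mountinfo string) map[string]string {
	found := map[string]string{}
	for _, line := range strings.Split(mountinfo, "\n") {
		pre, post, ok := strings.Cut(line, " - ") // optional fields vary in number
		left, right := strings.Fields(pre), strings.Fields(post)
		if !ok || len(left) < 5 || len(right) < 3 || right[0] != "cgroup" {
			continue
		}
		for _, opt := range strings.Split(right[2], ",") {
			found[opt] = left[4] // left[4] is the mount point
		}
	}
	return found
}

// missingControllers lists hierarchies named in /proc/self/cgroup with no visible mount.
func missingControllers(cgroup, mountinfo string) (missing []string) {
	mounted := mountedControllers(mountinfo)
	for _, line := range strings.Split(strings.TrimSpace(cgroup), "\n") {
		parts := strings.SplitN(line, ":", 3)
		if len(parts) != 3 || parts[1] == "" { // an empty name is the cgroup v2 entry
			continue
		}
		for _, ctrl := range strings.Split(parts[1], ",") {
			if _, ok := mounted[ctrl]; !ok {
				missing = append(missing, ctrl)
			}
		}
	}
	return missing
}

func main() { fmt.Println(missingControllers(sampleCgroup, sampleMountinfo)) }
```

A mount appearing in mountinfo only shows that the hierarchy is visible in this mount namespace; it says nothing about whether the caller may write to it.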
