Signed-off-by: Dwight Engen <dwight.en...@oracle.com>
---
src/lxc/conf.c | 37 ++++++++++++++++++++++++++++++++-----
src/lxc/conf.h | 2 ++
src/lxc/start.c | 5 +++++
3 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 746a2db..6a9b493 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1401,7 +1401,14 @@ static int setup_kmsg(const struct lxc_rootfs *rootfs,
return 0;
}
-int setup_cgroup(const char *cgpath, struct lxc_list *cgroups)
+static const char *pre_enter_subsystems[] = {
+ "memory.kmem.limit_in_bytes",
+ NULL
+};
+
+
+static int _setup_cgroup(const char *cgpath, struct lxc_list *cgroups,
+ int pre_enter_match)
{
struct lxc_list *iterator;
struct lxc_cgroup *cg;
@@ -1411,13 +1418,23 @@ int setup_cgroup(const char *cgpath, struct lxc_list
*cgroups)
return 0;
lxc_list_for_each(iterator, cgroups) {
+ const char **subsys;
+ int subsys_match = 0;
cg = iterator->elem;
- if (lxc_cgroup_set_bypath(cgpath, cg->subsystem, cg->value)) {
- ERROR("Error setting %s to %s for %s\n", cg->subsystem,
- cg->value, cgpath);
- goto out;
+ for (subsys = pre_enter_subsystems;
+ *subsys && !subsys_match; subsys++) {
+ subsys_match = !strcmp(*subsys, cg->subsystem);
+ }
+
+ if (subsys_match == pre_enter_match) {
+ if (lxc_cgroup_set_bypath(cgpath, cg->subsystem,
+ cg->value)) {
+ ERROR("Error setting %s to %s for %s\n",
+ cg->subsystem, cg->value, cgpath);
+ goto out;
+ }
}
DEBUG("cgroup '%s' set to '%s'", cg->subsystem, cg->value);
@@ -1429,6 +1446,16 @@ out:
return ret;
}
+int setup_cgroup_pre_enter(const char *cgpath, struct lxc_list *cgroups)
+{
+ return _setup_cgroup(cgpath, cgroups, 1);
+}
+
+int setup_cgroup(const char *cgpath, struct lxc_list *cgroups)
+{
+ return _setup_cgroup(cgpath, cgroups, 0);
+}
+
static void parse_mntopt(char *opt, unsigned long *flags, char **data)
{
struct mount_opt *mo;
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 465b1ec..ead2502 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -313,6 +313,8 @@ extern int lxc_clear_cgroups(struct lxc_conf *c, const char
*key);
extern int lxc_clear_mount_entries(struct lxc_conf *c);
extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
+extern int setup_cgroup_pre_enter(const char *cgpath,
+ struct lxc_list *cgroups);
extern int setup_cgroup(const char *name, struct lxc_list *cgroups);
extern int uid_shift_ttys(int pid, struct lxc_conf *conf);
diff --git a/src/lxc/start.c b/src/lxc/start.c
index fd96d4f..85e3ea9 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -809,6 +809,11 @@ int lxc_spawn(struct lxc_handler *handler)
if ((handler->cgroup = lxc_cgroup_path_create(NULL, name)) == NULL)
goto out_delete_net;
+ if (setup_cgroup_pre_enter(handler->cgroup, &handler->conf->cgroup)) {
+ ERROR("failed to setup the pre-enter cgroups for '%s'", name);
+ goto out_delete_net;
+ }
+
if (lxc_cgroup_enter(handler->cgroup, handler->pid) < 0)
goto out_delete_net;
--
1.8.1.4
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
