Quoting Serge Hallyn (serge.hal...@ubuntu.com):
> 3.10 kernel comes with proper hierarchical enforcement of devices
> cgroup. To keep that code somewhat sane, certain things are not
> allowed. Switching from default-allow to default-deny and vice versa
> are not allowed when there are children cgroups. (This *could* be
> simplified in the kernel by checking that all child cgroups are
> unpopulated, but that has not yet been done and may be rejected)
>
> The mountcgroup hook causes lxc-start to break with 3.10 kernels, because
> you cannot write 'a' to devices.deny once you have a child cgroup. With
> this patch, (a) lxcpath is passed to hooks, (b) the cgroup mount hook sets
> the container's devices cgroup, and (c) setup_cgroup() during lxc startup
> ignores failures to write to devices subsystem if we are already in a
> child of the container's new cgroup.
>
> ((a) is not really related to this bug, but is definitely needed.
> The followup work of making the other hooks use the passed-in lxcpath
> is still to be done)
>
> Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>

I've gone ahead and pushed this for now. I need to spend time working on the nestable cgroup manager which would completely obsolete this issue.

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
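
Because point (c) of the commit message lets startup continue when a write to the devices subsystem fails, it is worth checking which policy a container's devices cgroup actually ended up with. The following is an added example, not code from the patch or from lxc; the function names are hypothetical, and it assumes a cgroup-v1 devices hierarchy whose directory you pass in (the path in the comment is an assumed, typical location).

```shell
#!/bin/sh
# Added example (not lxc code): audit one devices cgroup directory.
# Assumed typical location: /sys/fs/cgroup/devices/lxc/<container>

# has_children DIR: succeeds if DIR contains at least one child cgroup.
has_children() {
    for d in "$1"/*/; do
        # An unmatched glob stays literal and fails the -d test.
        [ -d "$d" ] && return 0
    done
    return 1
}

# is_default_allow DIR: succeeds if devices.list holds the allow-all
# entry "a *:* rwm", which is how a default-allow cgroup reports itself.
is_default_allow() {
    grep -Eq '^a[[:space:]]+\*:\*[[:space:]]+rwm[[:space:]]*$' "$1/devices.list"
}

# audit_devices_cgroup DIR: prints a verdict and returns
#   0  default-deny (whitelist in effect)
#   1  default-allow; "-locked" means child cgroups exist, so on a 3.10+
#      kernel the switch to default-deny (writing 'a' to devices.deny)
#      is refused, as the commit message describes
#   2  devices.list missing or unreadable
audit_devices_cgroup() {
    dir=$1
    if [ ! -r "$dir/devices.list" ]; then
        echo "unknown"
        return 2
    fi
    if is_default_allow "$dir"; then
        if has_children "$dir"; then
            echo "default-allow-locked"
        else
            echo "default-allow"
        fi
        return 1
    fi
    echo "default-deny"
    return 0
}
```

A `default-allow-locked` verdict on a running container means the device whitelist from its configuration was never applied and cannot be applied until the child cgroups are gone.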