Quoting Christian Seiler (christ...@iwakd.de): ... > If I think about that further, I think the initial bind-mount logic is > already borked. Because if nested LXC breaks in such a way, so will > many software that uses cgroups and relies on standard behaviour. > > I think the correct way for the mountcgroups hook is to do the > following: > > Suppose the container has the cgroup /lxc/foo/foo and we just have the > 'cpu' controller available. > > Initially, /sys/fs/cgroup will be a tmpfs and /sys/fs/cgroup/cpu will > contain the cpu controller. > > LXC recursively creates /sys/fs/cgroup/cpu/lxc/foo. It then runs the > mountcgroups hook. > > The mountcgroups hook should now mount a new tmpfs in > $containerroot/sys/fs/cgroup. It should then create the directories > for the controllers but *also* subdirectories for the cgroup of the > containers, i.e. > > mount -t tmpfs none $containerroot/sys/fs/cgroup > mkdir -p $containerroot/sys/fs/cgroup/cpu/lxc/foo > mount -n --bind /sys/fs/cgroup/cpu/lxc/foo \ > $containerroot/sys/fs/cgroup/cpu/lxc/foo
I've thought about that (and mentioned it on the list, somewhere...), and previously rejected it. I don't remember what my biggest complaint was, though, odd. If we're going to do this, we should do it soon. Would you have time in the next few days? (BTW, if we're going to throw words like b0rked around, I'd prefer to reserve that for the refusal to implement fake-root in cgroups itself which would allow us to ignore this by treating ourselves as really being inside '/') -serge ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
