Quoting David Shwatrz ([email protected]):
> Hello,
>
> Suppose I want to be able to let a container access only the sysfs cgroup
> of itself.
> To be more specific, if the container name is "fedoraCT", I want to
> let it access only /sys/fs/cgroup/blkio/lxc/fedoraCT (and the
> corresponding entries of the other controllers) and not be able to access
> /sys/fs/cgroup/blkio/lxc/ubuntoCT and /sys/fs/cgroup/blkio/lxc/CentOS_CT, etc.

lxc.mount.auto = cgroup:mixed should, I think, do this. (the manpage is
misleading or wrong on this, I believe, but I did not test just now)

Note that for this to be safe with writeable mounts, you'll want to create
an extra cgroup layer, so that the kernel's enforcement of hierarchical
constraints works for you.

> Is it possible to achieve with current LXC release or latest git
> tree? Is using cgmanager on the host
> and cgproxy on the container can provide this currently ?

This will effectively do that, but you'll have to use the dbus interface
(or, the 'cgm' script shipped with cgmanager) to read the blkio values.
The cgroupfs won't be mounted in the container.
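
A way to check the outcome asked about in this thread from inside the container, as an added example that is not part of the original messages and is not LXC code. It assumes cgroup v1 without cgroup namespaces, so the root field of /proc/self/mountinfo is the path inside the hierarchy; the function names and both sample strings are constructed for illustration.

```python
# Added example; the two sample strings are constructed, not captured output.
# On a real system, pass the contents of /proc/self/cgroup and /proc/self/mountinfo.
SAMPLE_CGROUP = """\
4:blkio:/lxc/fedoraCT
3:memory:/lxc/fedoraCT
2:cpuset:/lxc/fedoraCT
"""
SAMPLE_MOUNTINFO = """\
40 30 0:35 / /sys/fs/cgroup rw,nosuid,nodev,noexec - tmpfs cgroup rw,mode=755
41 40 0:22 /lxc/fedoraCT /sys/fs/cgroup/blkio/lxc/fedoraCT rw,relatime - cgroup cgroup rw,blkio
42 40 0:23 / /sys/fs/cgroup/memory rw,relatime - cgroup cgroup rw,memory
43 40 0:24 /lxc /sys/fs/cgroup/cpuset/lxc ro,relatime shared:7 - cgroup cgroup rw,cpuset
"""

def own_cgroups(proc_cgroup):
    """Map each v1 controller set to this process's cgroup path."""
    own = {}
    for line in proc_cgroup.strip().splitlines():
        _hier_id, controllers, path = line.split(":", 2)
        if controllers:  # an empty field is the cgroup v2 entry, not handled here
            own[frozenset(controllers.split(","))] = path
    return own

def audit(proc_cgroup, mountinfo):
    """Return (mount_point, root, mode) for every cgroup mount whose root lies
    outside the caller's own cgroup, i.e. exposes parents or siblings."""
    own = own_cgroups(proc_cgroup)
    findings = []
    for line in mountinfo.strip().splitlines():
        left, right = line.split(" - ", 1)
        fstype, _source, super_opts = right.split(" ", 2)
        if fstype != "cgroup":
            continue
        fields = left.split()
        root, mount_point, mount_opts = fields[3], fields[4], fields[5]
        opts = set(super_opts.split(","))
        own_path = next((p for c, p in own.items() if c <= opts), None)
        inside = own_path is not None and (
            root == own_path or root.startswith(own_path.rstrip("/") + "/"))
        if not inside:
            mode = "rw" if "rw" in mount_opts.split(",") else "ro"
            findings.append((mount_point, root, mode))
    return findings

if __name__ == "__main__":
    for mount_point, root, mode in audit(SAMPLE_CGROUP, SAMPLE_MOUNTINFO):
        print(f"{mode} exposure: {mount_point} shows hierarchy path {root}")
```

An empty result means every cgroup mount visible in the container is rooted at or below the container's own cgroup; an "rw" finding is the case the reply's extra-layer advice is meant to guard against.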
