On Wed, Mar 4, 2015 at 12:15 PM, Mohan G <[email protected]> wrote:
> Hi,
> Is there any way we can have nested containers/cgroups? One parent container
> forming the basis for children containers, i.e. a subset of the parent container.

Yes. On parent container config (in ubuntu), add this:

lxc.aa_profile=lxc-container-default-with-nesting

And then on that container, you can create containers

utopic ~ # lxc-ls -f --running
NAME  STATE    IPV4                       IPV6  GROUPS  AUTOSTART
-----------------------------------------------------------------
v     RUNNING  10.0.3.1, 192.168.124.173  -     -       NO
utopic ~ # lxc-attach -n v
root@v:~#
root@v:~# cat /proc/1/cgroup
12:name=systemd:/lxc/v
11:perf_event:/lxc/v
10:net_prio:/lxc/v
9:net_cls:/lxc/v
8:memory:/lxc/v
7:hugetlb:/lxc/v
6:freezer:/lxc/v
5:devices:/lxc/v
4:cpuset:/lxc/v
3:cpuacct:/lxc/v
2:cpu:/lxc/v
1:blkio:/lxc/v

root@v:~# lxc-create -t download -n nv -- -d ubuntu -r vivid -a amd64
Using image from local cache
Unpacking the rootfs

---
You just created an Ubuntu container (release=vivid, arch=amd64, variant=default)

To enable sshd, run: apt-get install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.

root@v:~# lxc-start -n nv
root@v:~# lxc-ls -f --running
NAME  STATE    IPV4        IPV6  GROUPS  AUTOSTART
--------------------------------------------------
nv    RUNNING  10.0.3.249  -     -       NO

Now run a process inside the nested container

root@v:~# lxc-attach -n nv -- cat /proc/1/cgroup
12:name=systemd:/lxc/v/lxc/nv
11:perf_event:/lxc/v/lxc/nv
10:net_prio:/lxc/v/lxc/nv
9:net_cls:/lxc/v/lxc/nv
8:memory:/lxc/v/lxc/nv
7:hugetlb:/lxc/v/lxc/nv
6:freezer:/lxc/v/lxc/nv
5:devices:/lxc/v/lxc/nv
4:cpuset:/lxc/v/lxc/nv
3:cpuacct:/lxc/v/lxc/nv
2:cpu:/lxc/v/lxc/nv
1:blkio:/lxc/v/lxc/nv

Note how the cgroup is nested

-- 
Fajar
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
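
The following is an added example, not part of the original message or of LXC itself: a host-side audit helper that reads a /proc/<pid>/cgroup file and reports the chain of nested containers and whether every hierarchy agrees on it. The function names lxc_chain and lxc_depth are hypothetical, and the script assumes the "/lxc/<name>" path layout shown in the output above.

```shell
#!/bin/sh
# Added example: recover the LXC nesting chain from a /proc/<pid>/cgroup file.
# Assumes the cgroup v1 "/lxc/<name>" path layout shown in the message above.

# lxc_chain FILE
#   Prints the chain of container names, outermost first (e.g. "v/nv").
#   Returns 0 if every hierarchy agrees, 1 if they disagree, 2 if no
#   "/lxc/<name>" component was found (process is not in an LXC cgroup).
lxc_chain() {
    awk -F: '
    {
        # Line format is hierarchy-id:controllers:path; rejoin the path in
        # case it contains ":" itself.
        path = $3
        for (i = 4; i <= NF; i++) path = path ":" $i
        n = split(path, seg, "/")
        chain = ""
        # Every nesting level contributes one "lxc/<name>" pair.
        for (i = 1; i < n; i++) {
            if (seg[i] == "lxc") {
                chain = (chain == "" ? "" : chain "/") seg[i + 1]
                i++   # skip the name, so a container called "lxc" is not misread
            }
        }
        if (NR == 1) first = chain
        else if (chain != first) mismatch = 1
    }
    END {
        if (NR == 0 || first == "") exit 2
        print first
        exit (mismatch ? 1 : 0)
    }' "$1"
}

# lxc_depth FILE: number of container levels in the chain (2 for "v/nv").
lxc_depth() {
    chain=$(lxc_chain "$1") || return $?
    printf '%s\n' "$chain" | awk -F/ '{ print NF }'
}

# Sample input: three of the lines printed by the nested container above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
12:name=systemd:/lxc/v/lxc/nv
8:memory:/lxc/v/lxc/nv
5:devices:/lxc/v/lxc/nv
EOF
echo "chain=$(lxc_chain "$sample") depth=$(lxc_depth "$sample")"
rm -f "$sample"
```

A return status of 1 means the hierarchies disagree about the container path, which is worth investigating because resource limits and the devices controller would then apply at different levels.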
