Hello, I run privileged containers on CentOS 7. I want to have isolated cgroups inside the container, so I don't want other containers to see the cgroups of other containers. I have set lxc.mount.auto to cgroup:mixed, so I should not be able to see other containers' groups in /sys/fs/cgroup, but I see them.
On the host FS it looks like this:

# ls -1 /sys/fs/cgroup
blkio
cpu
cpuacct
cpu,cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
perf_event
systemd

On the container:

# ls -1 /sys/fs/cgroup/
blkio
cpu
cpuacct
cpuacct,cpu
cpu,cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
perf_event
systemd

As you can see, LXC has created the directory "cpuacct,cpu", which is not present on the host system. Each directory in the container's /sys/fs/cgroup/ is isolated from the host cgroups (so it behaves correctly according to cgroup:mixed) except "cpu,cpuacct". The directory "cpu,cpuacct" contains information about all containers which run on the host (it has the same content as "cpu,cpuacct" on the host system).

Is there some problem in my configuration or is it a problem with LXC?

Container config:

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br1
lxc.network.ipv4=172.16.0.10/16
lxc.network.ipv4.gateway=172.16.0.1
lxc.network.name = eth0
lxc.network.hwaddr = fe:4a:a0:67:75:a0
lxc.rootfs = /var/lib/lxc/container001/rootfs
lxc.start.auto = 1
lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.mount.auto = sys:ro proc:mixed cgroup:mixed
lxc.arch = x86_64
lxc.utsname = container001
lxc.autodev = 1
lxc.kmsg = 0
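One way to confirm from inside a container which cgroup v1 hierarchies are mounted whole instead of as the container's own subtree is to read the root field of /proc/self/mountinfo. This is an added example, not part of the original post and not LXC code. The function names, the sample lines and the /lxc/container001 cgroup path are constructed for illustration, and the check assumes no cgroup namespace is in use.

```shell
#!/bin/sh
# Print "<mount point> <superblock options>" for every cgroup v1 mount whose
# root is "/" of its hierarchy, i.e. a mount that exposes all cgroups of that
# hierarchy rather than a single subtree.
# Usage: exposed_cgroup_mounts [mountinfo-file | -]   ("-" reads stdin)
exposed_cgroup_mounts() {
    awk '
    {
        # Fields 1-6 are fixed; optional fields follow and end at a lone "-".
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        # The filesystem type is the first field after the separator.
        if (sep == 0 || $(sep + 1) != "cgroup") next
        # $4 = root of the mount inside the cgroup filesystem
        # $5 = mount point as seen by this process
        # $(sep + 3) = superblock options, which name the controllers
        if ($4 == "/") print $5, $(sep + 3)
    }' "${1:-/proc/self/mountinfo}"
}

# Constructed sample (not captured from the system in the post): two
# hierarchies bind-mounted from the container's own cgroup and one mounted
# from the hierarchy root. The "shared:12" entry exercises optional fields.
sample_mountinfo() {
    cat <<'EOF'
60 59 0:40 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs cgroup_root rw,size=10240k,mode=755
61 60 0:22 /lxc/container001 /sys/fs/cgroup/memory/lxc/container001 rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,memory
62 60 0:21 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpuacct,cpu
63 60 0:23 /lxc/container001 /sys/fs/cgroup/devices/lxc/container001 rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,devices
EOF
}

# Demo on the constructed sample; call with no argument inside a container
# to inspect the real /proc/self/mountinfo.
sample_mountinfo | exposed_cgroup_mounts -
```

Any line this prints is a hierarchy where the container can see every cgroup on the host for those controllers.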
