On Tue, Oct 08, 2019 at 03:41:42PM +0100, Ben Green wrote:
> Quoting "Serge E. Hallyn" <se...@hallyn.com>:
>
> > BTW, much as I'd like to get to the bottom of this, let's get you up
> > and running first. I'd suggest you create a systemd service which starts
> > at boot which creates and configures cgroups called
> > /sys/fs/cgroup/*/forcontainers
> > and chowns them to your userid. Then for convenience a
> > enter-container-cgroups
> > script which just does echo $$ > /sys/fs/cgroup/*/forcontainers/tasks. Then
> > just run enter-container-cgroups before you lxc-start -n containerX
>
> OK so if I understand correctly, I've ended up with 2 scripts:
>
> 1.
>
> /usr/local/sbin/lxccgroup-add-dirs
>
> which looks like this:
>
> #!/bin/bash
> for i in $(find /sys/fs/cgroup/ -maxdepth 1 -mindepth 1 -type d); do mkdir -p $i/forcontainers ; echo $i/forcontainers ; chown -R lxcadmin:lxcadmin $i/forcontainers ; done

Actually you probably only want to chown the tasks and cgroup.procs files to
lxcadmin:, as otherwise the containers can raise their limits.

> I've made the chown recursive, so everything under there is owned by
> lxcadmin. This is run on boot.

Yeah, just from a .service file that has target multi-user.target.

> 2.
>
> /usr/local/bin/lxccgroup-enter-container-cgroups
>
> which looks like this:
>
> #!/bin/bash
> for i in $(find /sys/fs/cgroup/ -maxdepth 1 -mindepth 1 -type d | grep -v unified); do echo $PPID > $i/forcontainers/tasks ; done
>
> I've used $PPID rather than $$ here as it's the parent script (i.e. the bash
> shell I'm currently running in) which I've assumed you want moving in to the
> cgroups. I've also excluded 'unified' as it doesn't contain a 'tasks' file.
> I run this before I start a container as user 'lxcadmin'.

Yes, and it shouldn't have to run with any privilege.

> Let me know if I've got this right. Now on starting the guests I have:
>
> /sys/fs/cgroup/memory/forcontainers/lxc.payload/ex386-jessie
>
> Which is good in itself as it feels like I have some control now. I'll have
> to rewrite my cgroups checking script now to take note of these new
> locations.
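
Added example, not part of the original thread: both scripts in one POSIX sh file, with the narrower chown suggested in the reply so that limit files stay root-owned. The `CGROOT` and `OWNER` variables and the function names are assumptions for illustration; the script also chowns each `forcontainers` directory itself (non-recursively), on the assumption that lxc needs to create child cgroups beneath it.

```shell
#!/bin/sh
# Added example, not from the thread. CGROOT and OWNER defaults are taken
# from the paths and user name mentioned in the messages (assumptions).
CGROOT="${CGROOT:-/sys/fs/cgroup}"
OWNER="${OWNER:-lxcadmin:lxcadmin}"

# Run as root at boot: create <hierarchy>/forcontainers everywhere and hand
# over only the membership files. Prints each file whose owner was changed.
setup_forcontainers() {
    for ctrl in "$CGROOT"/*/; do
        [ -d "$ctrl" ] || continue
        dir="${ctrl%/}/forcontainers"
        mkdir -p "$dir" || return 1
        # Assumption: the directory itself (not its contents) must be owned
        # by the user so child cgroups can be created under it.
        chown "$OWNER" "$dir" || return 1
        for f in tasks cgroup.procs; do
            [ -e "$dir/$f" ] || continue   # 'unified' has no tasks file
            chown "$OWNER" "$dir/$f" && echo "$dir/$f"
        done
        # Limit files (memory.limit_in_bytes etc.) are deliberately untouched.
    done
}

# Run unprivileged before lxc-start: move PID $1 into forcontainers in every
# hierarchy that exposes a writable tasks file.
enter_forcontainers() {
    pid="$1"
    for t in "$CGROOT"/*/forcontainers/tasks; do
        [ -w "$t" ] || continue
        echo "$pid" > "$t" || return 1
    done
}

# Dispatch: "setup" for the boot service, "enter [pid]" for the helper.
# The default of $PPID moves the calling shell, as in the second script above.
case "${1:-}" in
    setup) setup_forcontainers ;;
    enter) enter_forcontainers "${2:-$PPID}" ;;
esac
```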