Some combinations of RAM and swap caps aren't allowed, and I'm having a
hard time understanding the pattern (i.e. *why*). From the examples
below, I *think* I cannot assign a smaller swap cap than RAM cap.
Also, is there a way to specify that a container cannot use ANY swap,
i.e. the swap cap is 0?
I'm using Ubuntu 10.04 as the host and container, with a .32 kernel and
lxc 0.7.2 (cherry-picked from maverick).
(Note: in the examples below, the container is configured to halt itself after
acquiring a DHCP lease.)
# lxc-start -n mimic -f /etc/lxc/mimic.conf
-slxc.cgroup.memory.limit_in_bytes=2G
-slxc.cgroup.memory.memsw.limit_in_bytes=1G
lxc-start: write /var/cgroup/mimic/memory.memsw.limit_in_bytes : Invalid
argument
lxc-start: failed to setup the cgroups for 'mimic'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'mimic'
# lxc-start -n mimic -f /etc/lxc/mimic.conf
-slxc.cgroup.memory.limit_in_bytes=1G
-slxc.cgroup.memory.memsw.limit_in_bytes=2G
BOOTED SUCCESSFULLY, HALTING.
# lxc-start -n mimic -f /etc/lxc/mimic.conf
-slxc.cgroup.memory.limit_in_bytes=256M
-slxc.cgroup.memory.memsw.limit_in_bytes=128M
lxc-start: write /var/cgroup/mimic/memory.memsw.limit_in_bytes : Invalid
argument
lxc-start: failed to setup the cgroups for 'mimic'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'mimic'
# free -m
free -m
total used free shared buffers cached
Mem: 7963 6538 1425 0 703 4853
-/+ buffers/cache: 981 6982
Swap: 24575 3 24572
# lxc-start -n mimic -f /etc/lxc/mimic.conf
-slxc.cgroup.memory.limit_in_bytes=512M
-slxc.cgroup.memory.memsw.limit_in_bytes=256M
lxc-start: write /var/cgroup/mimic/memory.memsw.limit_in_bytes : Invalid
argument
lxc-start: failed to setup the cgroups for 'mimic'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'mimic'
# lxc-start -n mimic -f /etc/lxc/mimic.conf
-slxc.cgroup.memory.limit_in_bytes=512M
BOOTED SUCCESSFULLY, HALTING.
# lxc-start -n mimic -f /etc/lxc/mimic.conf
-slxc.cgroup.memory.memsw.limit_in_bytes=256M
lxc-start: write /var/cgroup/mimic/memory.memsw.limit_in_bytes : Invalid
argument
lxc-start: failed to setup the cgroups for 'mimic'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'mimic'
# lxc-start -n mimic -f /etc/lxc/mimic.conf
-slxc.cgroup.memory.limit_in_bytes=256M
-slxc.cgroup.memory.memsw.limit_in_bytes=256M
BOOTED SUCCESSFULLY, HALTING.
# lxc-start -n mimic -f /etc/lxc/mimic.conf
-slxc.cgroup.memory.memsw.limit_in_bytes=0
lxc-start: write /var/cgroup/mimic/memory.memsw.limit_in_bytes : Invalid
argument
lxc-start: failed to setup the cgroups for 'mimic'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'mimic'
# lxc-start -n mimic -f /etc/lxc/mimic.conf
-slxc.cgroup.memory.memsw.limit_in_bytes=0M
lxc-start: write /var/cgroup/mimic/memory.memsw.limit_in_bytes : Invalid
argument
lxc-start: failed to setup the cgroups for 'mimic'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'mimic'
#
# Created 2010-12-15 19:17:12.778702711+11:00
# Created 2010-12-15 17:34:27.218509994+11:00 (template)
lxc.utsname = mimic
#lxc.console = /var/log/lxc/mimic.console
lxc.rootfs = /srv/lxc/mimic
lxc.tty = 4
lxc.pts = 1024
lxc.network.type = veth
lxc.network.link = br-managed
lxc.network.name = managed
lxc.network.flags = up
# lxc.cgroup.memory.limit_in_bytes = 4G
# lxc.cgroup.memory.memsw.limit_in_bytes = 1G
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 4:* rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 254:0 rm
# Prevent container from using mount(8), esp. remounting its root filesystem
-oro.
# This necessitates mounting *at least* /proc outside.
lxc.cap.drop = sys_admin
lxc.mount.entry = none /srv/lxc/mimic/dev/shm tmpfs nosuid,nodev
lxc.mount.entry = none /srv/lxc/mimic/lib/init/rw tmpfs
mode=0755,nosuid,size=8m
lxc.mount.entry = none /srv/lxc/mimic/proc proc nodev,noexec,nosuid
#lxc.mount.entry = none /srv/lxc/mimic/proc/sys/fs/binfmt_misc binfmt_misc
nodev,noexec,nosuid
#lxc.mount.entry = none /srv/lxc/mimic/sys sysfs nodev,noexec,nosuid
#lxc.mount.entry = none /srv/lxc/mimic/sys/fs/fuse/connections fusectl defaults
#lxc.mount.entry = none /srv/lxc/mimic/sys/kernel/debug debugfs defaults
#lxc.mount.entry = none /srv/lxc/mimic/sys/kernel/security securityfs defaults
lxc.mount.entry = none /srv/lxc/mimic/tmp tmpfs defaults
lxc.mount.entry = none /srv/lxc/mimic/var/lock tmpfs
nodev,noexec,nosuid,size=8m
# This mount would break lxc-start's halt/reboot autodetection (in lxc 0.7.x).
#lxc.mount.entry = none /srv/lxc/mimic/var/run tmpfs mode=0755,nosuid,size=8m
# Data mountpoints
lxc.mount.entry = /srv/mirror /srv/lxc/mimic/srv/mirror none bind
lxc.mount.entry = /home /srv/lxc/mimic/home none bind
# Disabled because their absence causes problems:
#chown net_admin setgid # getty or login
#net_bind_service net_raw net_broadcast # dhclient
#setuid # rsyslog
#sys_chroot # openssh-server
#fowner dac_override dac_read_search # lots of things (like root_squash)
#kill # needed by default to stop
rsyslogd/slapd
# Disabled because I *think* they're harmless:
#fsetid ipc_lock ipc_owner lease sys_nice sys_ptrace
lxc.cap.drop = audit_control audit_write linux_immutable mac_admin
lxc.cap.drop = mac_override mknod setfcap setpcap sys_admin sys_boot
lxc.cap.drop = sys_module sys_pacct sys_rawio sys_resource sys_time
lxc.cap.drop = sys_tty_config
------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
