Quoting Ramez Hanna (rha...@informatiq.org): > On Tue, May 31, 2011 at 5:38 PM, Serge Hallyn > <serge.hal...@canonical.com>wrote: > > > Quoting Daniel Lezcano (daniel.lezc...@free.fr): > > > On 05/31/2011 01:44 PM, Ramez Hanna wrote: > > > > On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcano<daniel.lezc...@free.fr > > >wrote: > > > > > > > >> On 05/31/2011 12:33 PM, Ramez Hanna wrote: > > > >> > > > >>> it seems that lxc cannot handle cgroups when capabilities are not all > > in > > > >>> the > > > >>> same mount > > > >>> it fails now because it cannot write the devices.deny in the cgroup > > > >>> if i comment out all the lxc.cgroup.devices lines in the config of > > the > > > >>> container then i can actually start it > > > >>> > > > >>> I would think that the way lxc identifies the cgroup mount might be > > the > > > >>> part > > > >>> that needs patching > > > >>> > > > >> Thanks for investigating. > > > >> > > > >> The main problem is lxc is cgroup agnostic, so we should find a > > solution > > > >> where we don't break that. > > > >> > > > >> Maybe one solution would be to collect all the mount points found for > > the > > > >> cgroup and try to find the right path when writing or reading from one > > > >> cgroup file. > > > >> > > > > that is what i had in mind, tried looking into the code but my C skills > > are > > > > next to zero > > > > > > > >> Does systemd run lxc within a cgroup which is not the root cgroup ? > > > >> > > > >> the lxc-start command would run under $user/master/ > > > > (/sys/fs/cgroup/systemd/$user/$master) > > > > and the container itself would run under $container_name > > > > (/sys/fs/cgroup/systemd/$container_name) > > > > so it would run the container in the root cgroup > > > > > > ouch ! I have to install systemd on a test machine to check how systemd > > > plays with the cgroup. > > > I don't think the cgroup created by lxc should escape the cgroup the > > > command is assigned to. > > > > Another similar - and easier to setup - thing we need to address is running > > on a system with libcgroup installed. > > > > For both, I assume it'll basically come down to: > > > > 1. figure out the path of the cgroup we are in for each cgroup we care > > about > > 2. create new child cgroup for ourselves in each of the above paths whic > > is unique > > 3. track those through the lifetime of the container > > > > So it just slightly complicates what's being done now. > > > > -serge > > > how does libcgroup change things? does it also mount cgroup on different > points ?
Yes, in whatever way you ask it to. -serge ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users