On 06/09/2015 10:39 PM, Pavel Emelyanov wrote: > On 06/09/2015 01:42 PM, Pavel Tikhomirov wrote: >> Pasha, please consider >> >> We have ~4 ways: >> >> 1) Virtualize mounting cgroups in PCS7CT >> +docker test will be happy and all docker-in-docker thing >> -we don't want patch kernel for it and thus have a lot of non-mainline code >> >> 2) We can patch docker tests to make bindmounts from CT to DockerCT >> instead of mounting cgroups from inside. >> +only OUR docker test will be happy >> -we will have to maintain our patches for docker test >> >> 3) We can try to send those our patches for docker test into Docker >> +docker tests OK, for other people it will be easier to use >> docker-in-docker with PCS7 too >> -docker maintainers can say - "Why they need to change their working >> code?(Why we don't allow mount cgroups?)" > > Try to go this route.
Pasha, in this case we won't be able to create privileged Docker CTs inside Virtuozzo 7 Containers. Do we need this functionality? Why? >> 4) Make docker --priviledged(which is used for docker-in-docker) option >> bindmount cgroups inside docker CT >> +docker tests OK, cgroups for docker-in-docker will work everywhere >> -docker maintainers may find some examples where --priviledged dockerCT >> does not need bindmounted cgroups >> >> On 06/09/2015 12:30 PM, Cyrill Gorcunov wrote: >>> On Tue, Jun 09, 2015 at 12:17:59PM +0300, Pavel Tikhomirov wrote: >>>> >>>> >>>> On 06/09/2015 11:51 AM, Cyrill Gorcunov wrote: >>>>> On Tue, Jun 09, 2015 at 11:48:18AM +0300, Pavel Tikhomirov wrote: >>>>>> Docker tests create two level docker containers hierarchy, and they need >>>>>> to >>>>>> mount cgroups on the first level to control containers of second level. >>>>>> Is >>>>>> it safe to "re-revert" this patch to allow docker >>>>>> test(unit,integration-cli) >>>>>> mount cgroups? >>>>> >>>>> Could you please provide more info? Which cgroups it mounts? >>>> >>>> It tries to mount all cgroups which it can see through /proc/1/cgroup >>>> >>>> https://github.com/docker/docker/blob/v1.6.2/hack/dind >>>> https://github.com/docker/docker/blob/master/hack/dind >>> >>> Sigh :( So we have to allow its back then. But this won't make vdavydov@ >>> happy. Volodya, do you see some other way? >>> >> > > _______________________________________________ > Devel mailing list > Devel@openvz.org > https://lists.openvz.org/mailman/listinfo/devel > _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel