Quoting Akshay Karle ([email protected]):
> Hey Serge and Maxim,
>
> I've been busy with some work here and haven't had a lot of time to look
> into this. I can spend some time now to help out.
>
> Since I don't have much idea of how to go about creating the graph driver
> proxy for docker, I started by trying to see what problems we get when
> starting docker 1.10 experimental daemon inside an unprivileged container
> and seems that it fails to start with an error "Error starting daemon:
> Devices cgroup isn't mounted". Now, this seems to be an error unrelated to
> what the graph driver would resolve, but please correct me if I'm wrong as
> I'm quite new to lxc or docker dev. Looking at the docker code [1], it
> looks like the libcontainer which does parsing of cgroup mount point
> doesn't take into consideration the fact that cgroups are running on lxcfs
> inside the container. I'm now investigating what the solution could be to
> solve this. Let me know if you have any ideas.

So this may get fixed with cgroup namespaces (i.e.
https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/log/?h=2015-11-10/cgroupns,
github.com/hallyn/lxcfs #2015-11-10/cgns and github.com/lxc/ #2015-11-09/cgns),
but of course for backward compatibility that should still be fixed. Which
requires choosing a way for docker to decide whether cgroups are in fact
mounted.

> Also, do you think it makes more sense to have this discussion on lxc-devel
> than lxc-users?

yeah, might. Switched to that (and cc:d Maxim as he's not on lxc-devel)
_______________________________________________
lxc-devel mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-devel
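
One way to make the "are cgroups in fact mounted" decision discussed above, as an added example that is not docker's, libcontainer's or lxcfs's code: it parses mountinfo text, accepts native cgroup mounts by their super options, and accepts any other filesystem type only through an explicit allowlist. The sample lines are constructed, and the `fuse.lxcfs` line shape and the `allowFS` parameter are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"path"
	"strings"
)

// Constructed /proc/self/mountinfo samples. The fuse.lxcfs line is an assumed
// shape for an lxcfs-provided cgroup view, not output captured from a container.
const nativeSample = `30 24 0:26 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,devices
31 24 0:27 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpu,cpuacct`
const fuseSample = `95 90 0:44 /devices /sys/fs/cgroup/devices rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other`

// hasItem reports whether the comma-separated list contains want exactly.
func hasItem(list, want string) bool {
	return strings.Contains(","+list+",", ","+want+",")
}

// findController returns the mount point and filesystem type under which a
// cgroup v1 controller is visible. Native "cgroup" mounts are matched on their
// super options; types in allowFS (hypothetical allowlist) on the mount point name.
func findController(mountinfo, controller string, allowFS []string) (mp, fstype string, ok bool) {
	sc := bufio.NewScanner(strings.NewReader(mountinfo))
	for sc.Scan() {
		// Line layout: id parent dev root mountpoint opts [optional...] - fstype source superopts
		parts := strings.SplitN(sc.Text(), " - ", 2)
		pre, post := strings.Fields(parts[0]), strings.Fields(parts[len(parts)-1])
		if len(parts) != 2 || len(pre) < 6 || len(post) < 3 {
			continue // malformed line
		}
		mp, fstype = pre[4], post[0]
		native := fstype == "cgroup" && hasItem(post[2], controller)
		allowed := hasItem(strings.Join(allowFS, ","), fstype) && hasItem(path.Base(mp), controller)
		if native || allowed {
			return mp, fstype, true
		}
	}
	return "", "", false
}

func main() {
	fmt.Println(findController(nativeSample, "devices", nil))
	fmt.Println(findController(fuseSample, "devices", nil))
	fmt.Println(findController(fuseSample, "devices", []string{"fuse.lxcfs"}))
}
```

With an empty allowlist the check reports the devices controller as absent on the FUSE-backed sample even though a directory exists at the expected path; accepting that view is an explicit policy choice rather than a side effect of the parser.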
