On Thu, Oct 10, 2019 at 11:59:29AM +0100, Ben Green wrote:
> Quoting "Serge E. Hallyn" <se...@hallyn.com>:
> 
> > On Wed, Oct 09, 2019 at 08:54:54AM +0100, Ben Green wrote:
> > > Quoting "Serge E. Hallyn" <se...@hallyn.com>:
> > > 
> > > >
> > > > Actually you probably only want to chown the tasks and cgroup.procs files
> > > > to lxcadmin:, as otherwise the containers can raise their limits.
> > > >
> > > 
> > > I've made that change, rebooted and started the containers, the result is
> > 
> > Can you show the script you're using?
> > 
> 
> 
> My /home/lxcadmin/.profile now reads:
> 
>  # ~/.profile: executed by bash for login shells.
>  /usr/local/bin/lxccgroup-enter-container-cgroup
> 
> 
> -------------------
> 
> /usr/local/bin/lxccgroup-enter-container-cgroups now reads:
> 
> 
> #!/bin/bash
> 
> echo "Adding this user to the 'forcontainers' cgroup directory"
> # Write the parent shell's PID into forcontainers/tasks in every hierarchy except "unified"
> for i in $(find /sys/fs/cgroup/ -maxdepth 1 -mindepth 1 -type d | grep -v unified); do
>   echo "$PPID" > "$i/forcontainers/tasks"
> done
> 
> -------------------
> 
> 
> /usr/local/sbin/lxccgroup-add-dirs now reads:
> 
>  #!/bin/bash
> 
>  # Create a forcontainers cgroup in each hierarchy and give lxcadmin the
>  # directory plus its tasks and cgroup.procs files
>  for i in $(find /sys/fs/cgroup/ -maxdepth 1 -mindepth 1 -type d)
>  do
>   mkdir -p "$i/forcontainers"
>   echo "$i/forcontainers"
>   chown lxcadmin:lxcadmin "$i/forcontainers"
>   chown lxcadmin:lxcadmin "$i/forcontainers/tasks"
>   chown lxcadmin:lxcadmin "$i/forcontainers/cgroup.procs"
>  done

Oh, ok.  Yeah, so the forcontainers/* other than tasks and cgroup.procs
will be root owned.  But any containers you create under that will be
wholly owned by you.  For the most part, the cgroups won't allow you
to change your limits to exceed those of 'forcontainers'.  So that's
all fine.

-serge
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
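
A check for the ownership layout discussed in this thread, added here as an example and not code from any of the posters: it reports any file directly inside a `forcontainers` directory, other than `tasks` and `cgroup.procs`, that the delegated user owns, and any `tasks` or `cgroup.procs` file that user does not own. The function name `audit_delegation` and the temporary sample tree are assumptions; on a real host the arguments would be `/sys/fs/cgroup`, `forcontainers` and `lxcadmin`, and GNU `stat` is assumed.

```bash
#!/bin/bash
# Added example: audit which files of a delegated cgroup the delegate owns.

# audit_delegation ROOT SUBDIR USER
# Prints one line per finding. Returns 0 when the layout is clean, 1 otherwise.
audit_delegation() {
  local root="$1" sub="$2" user="$3" rc=0 dir f name owner
  for dir in "$root"/*/"$sub"; do
    [ -d "$dir" ] || continue              # hierarchy without the subgroup
    for f in "$dir"/*; do
      [ -f "$f" ] || continue              # skip child cgroups (container dirs)
      name=${f##*/}
      owner=$(stat -c %U "$f")
      case $name in
        tasks|cgroup.procs)
          # The delegate must own these to move its own processes in.
          [ "$owner" = "$user" ] || { echo "NOT-DELEGATED $f owner=$owner"; rc=1; }
          ;;
        *)
          # Limit and control files must stay with root, or the cap can be raised.
          [ "$owner" != "$user" ] || { echo "WRITABLE-LIMIT $f owner=$owner"; rc=1; }
          ;;
      esac
    done
  done
  return $rc
}

# Constructed sample tree (not a real cgroup mount). Every file in it belongs
# to the user running the script, so the limit file is reported as writable.
demo=$(mktemp -d)
mkdir -p "$demo/memory/forcontainers"
touch "$demo/memory/forcontainers/tasks" \
      "$demo/memory/forcontainers/cgroup.procs" \
      "$demo/memory/forcontainers/memory.limit_in_bytes"
audit_delegation "$demo" forcontainers "$(stat -c %U "$demo")" \
  || echo "delegation is wider than tasks and cgroup.procs"
rm -rf "$demo"
```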