Public bug reported:

[ note - this is a version of the patch I just sent to lkml ported to our xenial tree. It's needed for things like docker and lxc to be certain of which cgroup tasks file is their own in certain nesting situations. We currently work around it by blindly assuming that there are no legacy container managers running on cgroup-ns-enabled kernels ]

One practical problem I've found with cgroup namespaces is that there is no way to disambiguate between a cgroupfs mount which was done in a cgroup namespace, and a bind mount of a cgroupfs directory. So whether I do

    unshare --cgroup -- bash -c "mount -t cgroup -o freezer f /mnt; cat /proc/self/mountinfo"

or whether I just

    mount --bind /sys/fs/cgroup/freezer/$(awk -F: '/freezer/ { print $3 }' /proc/self/cgroup) /mnt

the 'mount root' field (field 3) in /proc/self/mountinfo will show the same thing, the result of

    awk -F: '/freezer/ { print $3 }' /proc/self/cgroup

This patch adds a 'nsroot=' field to cgroup mountinfo entries, so that userspace can distinguish a mount made in a cgroup namespace from a bind mount from a cgroup subdirectory.

** Affects: linux (Ubuntu)
   Importance: Undecided
   Assignee: Serge Hallyn (serge-hallyn)
   Status: Fix Committed

** Affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Assignee: Serge Hallyn (serge-hallyn)
   Status: Fix Committed

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Xenial)
   Status: New => Fix Committed

** Changed in: linux (Ubuntu Xenial)
   Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

https://bugs.launchpad.net/bugs/1560489

Title: cgroup namespaces: add a 'nsroot=' mountinfo field

Status in linux package in Ubuntu: Fix Committed
Status in linux source package in Xenial: Fix Committed
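
An added example, not part of the bug report or the kernel patch: a Python parser for cgroup entries in mountinfo that shows the mount root is identical for both mounts described above and uses nsroot= to tell them apart. The sample lines are constructed, and both the placement of nsroot= in the superblock options and the rule that a root equal to nsroot marks a mount of the namespace root are assumptions about the patched kernel's output.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed mountinfo lines (not captured output). Assumption: nsroot= is a
# comma-separated token in the superblock options, holding the cgroup
# namespace root of the mounter.
SAMPLE = """\
101 60 0:30 /user.slice/c1 /mnt rw,relatime - cgroup f rw,freezer,nsroot=/user.slice/c1
102 60 0:30 /user.slice/c1 /mnt2 rw,relatime shared:7 - cgroup cgroup rw,freezer,nsroot=/
103 60 0:30 /user.slice/c1 /mnt3 rw,relatime - cgroup cgroup rw,freezer
104 60 8:1 / /data rw,relatime - ext4 /dev/sda1 rw
"""

class CgroupMount(NamedTuple):
    mount_point: str
    root: str              # mount root, index 3 counting from zero
    nsroot: Optional[str]  # None when the kernel does not emit nsroot=
    kind: str

def unescape(field: str) -> str:
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def classify(root: str, nsroot: Optional[str]) -> str:
    if nsroot is None:
        return "ambiguous"        # root alone cannot separate the two cases
    if root == nsroot:
        return "namespace-root"   # cgroupfs mounted at the namespace's root
    return "bind-subdir"          # bind mount of a directory below that root

def parse_cgroup_mounts(text: str) -> List[CgroupMount]:
    mounts = []
    for line in text.splitlines():
        fields = line.split(" ")
        try:
            sep = fields.index("-", 6)  # optional fields end at a lone "-"
        except ValueError:
            continue                    # malformed or truncated line
        if len(fields) < sep + 4 or fields[sep + 1] != "cgroup":
            continue
        root, mount_point = unescape(fields[3]), unescape(fields[4])
        nsroot = None
        for opt in fields[sep + 3].split(","):
            if opt.startswith("nsroot="):
                nsroot = unescape(opt[len("nsroot="):])
        mounts.append(CgroupMount(mount_point, root, nsroot, classify(root, nsroot)))
    return mounts

if __name__ == "__main__":
    for m in parse_cgroup_mounts(SAMPLE):
        print(m)
```

The third sample line stands for a kernel without the patch: a container manager reading it has only the root field and has to treat the mount as ambiguous.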