On Fri, 2011-06-24 at 12:54 -0500, Serge Hallyn wrote:
I.e. with systemd or libcgroup.
To do this, instead of looking for one cgroup called 'lxc' or
otherwise taking the first cgroup we find, we actually create a
container in every mounted cgroup fs. Right now it's done under the
root of each fs. We may want to put that under lxc, or, better yet,
make that configurable.
Yeah, looking at my system and just looking for the devices.* entries, I
see some interesting stuff there that libvirt is doing...
[root@forest mhw]# find /sys/fs/cgroup -name devices\*
/sys/fs/cgroup/devices
/sys/fs/cgroup/devices/libvirt/lxc/devices.list
/sys/fs/cgroup/devices/libvirt/lxc/devices.deny
/sys/fs/cgroup/devices/libvirt/lxc/devices.allow
/sys/fs/cgroup/devices/libvirt/qemu/devices.list
/sys/fs/cgroup/devices/libvirt/qemu/devices.deny
/sys/fs/cgroup/devices/libvirt/qemu/devices.allow
/sys/fs/cgroup/devices/libvirt/devices.list
/sys/fs/cgroup/devices/libvirt/devices.deny
/sys/fs/cgroup/devices/libvirt/devices.allow
/sys/fs/cgroup/devices/devices.list
/sys/fs/cgroup/devices/devices.deny
/sys/fs/cgroup/devices/devices.allow
Granted that the lxc under libvirt is not this lxc project and they
have their own xml based stuff, still looks like they're stuffing things
under another directory. Good question there.
Note the use of clone_children seems not quite right, but that's
not for this patch to fix. In particular, if clone_children is
not in the mntopts, we reject it. Yet later we try to set it
ourselves. I believe we should simply, if ns cgroup is not
composed, always try to set clone_children to 1. As it stands,
with libcgroup installed, I had to do
    cd /sys/fs/cgroup
    for d in `/bin/ls`; do
        echo 1 > $d/cgroup.clone_children
    done
But after that, 'lxc-start -n l1' worked like a charm. It also
continues to work with a single mount of cgroups under /cgroup.
Cool. I'll check this out. Haven't had much time for coding, here the
last couple of weeks, but I can at least do some testing.
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
---
src/lxc/cgroup.c | 207
+
src/lxc/cgroup.h |2 +-
src/lxc/freezer.c |2 +-
src/lxc/lxc.h |8 +-
src/lxc/state.c |2 +-
5 files changed, 135 insertions(+), 86 deletions(-)
diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index a068a01..ecba56e 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -52,11 +52,10 @@ enum {
CGROUP_CLONE_CHILDREN,
};
-static int get_cgroup_mount(const char *mtab, char *mnt)
+static int get_cgroup_mount(const char *mtab, const char *subsystem, char
*mnt)
{
struct mntent *mntent;
FILE *file = NULL;
-int err = -1;
file = setmntent(mtab, r);
if (!file) {
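Review bot: the new subsystem parameter in the get_cgroup_mount() signature has no comment, and the loop further down accepts NULL for it (the "!subsystem ||" test) to mean "take the first cgroup mount found". A short comment above the function saying that NULL matches any cgroup mount, and that a non-NULL value is looked up in the mount options with hasmntopt(), would let callers use it without reading the loop.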
@@ -66,29 +65,24 @@ static int get_cgroup_mount(const char *mtab, char *mnt)
while ((mntent = getmntent(file))) {
- /* there is a cgroup mounted named lxc */
- if (!strcmp(mntent-mnt_fsname, lxc)
- !strcmp(mntent-mnt_type, cgroup)) {
- strcpy(mnt, mntent-mnt_dir);
- err = 0;
- break;
- }
-
- /* fallback to the first non-lxc cgroup found */
-if (!strcmp(mntent-mnt_type, cgroup) err) {
+if (strcmp(mntent-mnt_type, cgroup))
+ continue;
+ if (!subsystem || hasmntopt(mntent, subsystem)) {
strcpy(mnt, mntent-mnt_dir);
- err = 0;
+ fclose(file);
+ DEBUG(using cgroup mounted at '%s', mnt);
+ return 0;
}
};
- DEBUG(using cgroup mounted at '%s', mnt);
+ DEBUG(Failed to find cgroup for %s\n, subsystem ? subsystem :
(NULL));
fclose(file);
-return err;
+return -1;
}
-static int get_cgroup_flags(const char *mtab, int *flags)
+static int get_cgroup_flags(const char *mtab, const char *mnt_dir, int
*flags)
{
struct mntent *mntent;
FILE *file = NULL;
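Review bot: the strcpy() into mnt that this hunk keeps as context in the loop copies a mount path read from the mtab file into a caller-supplied buffer with no length, and the reworked signature still does not carry one. Since the prototype is changing anyway, pass the buffer size alongside mnt and use a bounded copy that returns -1 on truncation. Separately, the new "Failed to find cgroup" message ends in \n while the "using cgroup mounted at" DEBUG() call does not; drop the newline so the two are consistent.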
@@ -103,38 +97,24 @@ static int get_cgroup_flags(const char *mtab, int *flags)
*flags = 0;
while ((mntent = getmntent(file))) {
-
- /* there is a cgroup mounted named lxc */
- if (!strcmp(mntent-mnt_fsname, lxc)
- !strcmp(mntent-mnt_type, cgroup)) {
-
- if (hasmntopt(mntent, ns))
- *flags |= CGROUP_NS_CGROUP;
-
- if (hasmntopt(mntent, clone_children))
- *flags |= CGROUP_CLONE_CHILDREN;
-
+ if (strcmp(mntent-mnt_type, cgroup))
+ continue;
+ if (strcmp(mntent-mnt_dir, mnt_dir))
+ continue;
+ if (hasmntopt(mntent, ns)) {
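Review bot: the new mnt_dir test in get_cgroup_flags() is an exact strcmp() against the mtab entry, so a caller that passes the same mount point spelled differently (a trailing slash, a symlinked path) matches nothing and *flags stays at the 0 set before the loop. Document that mnt_dir must be the string get_cgroup_mount() returned, and, if the part of the function not shown here does not already do so, return an error when no entry matched so that "no flags" and "mount not found" can be told apart.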