Scott Helvick wrote:
> On Tue, Aug 25, 2009 at 4:58 AM, Daniel Lezcano wrote:
>
>
>> Scott Helvick wrote:
>>
>>
>>> Hello all,
>>>
>>> I've set up a system container with a mostly-complete filesystem, built
>>> from
>&
Scott Helvick wrote:
> Hello all,
>
> I've set up a system container with a mostly-complete filesystem, built from
> scratch. However, I'm having several minor issues, which leads me to
> believe I'm misunderstanding something about how lxc works. For one thing,
> I find myself unable to kill pro
Krzysztof Taraszka wrote:
> 2009/8/24 Daniel Lezcano
>
>>
>> [ snip ]
>>
>>> i think that /proc/meminfo should be mounted after /proc . why? i think
>>>>> that, because mounting /proc may override /proc/meminfo
>>>>> Am I right? :
synced on the
latest kernel version.
I do not really like to touch fs/proc/meminfo.c but it's an example here.
Subject: use memory controller to display meminfo
From: Daniel Lezcano
This patch modify the meminfo code to display informations related to the
memory cgroup controller. The e
Krzysztof Taraszka wrote:
> 2009/8/24 Daniel Lezcano
>
>
>> Krzysztof Taraszka wrote:
>>
>>
>>> 2009/8/24 Daniel Lezcano
>>>
>>>
>>>
>>>
>>>> K
Krzysztof Taraszka wrote:
> 2009/8/24 Daniel Lezcano
>
>
>> Krzysztof Taraszka wrote:
>>
>>
>>> 2009/8/24 Daniel Lezcano
>>>
>>>
>>>
>>>
>>>> Krzysztof Taraszka wrote:
>>>&g
Krzysztof Taraszka wrote:
> 2009/8/24 Daniel Lezcano
>
>
>> Krzysztof Taraszka wrote:
>>
>>
>>> 2009/8/24 Daniel Lezcano
>>>
>>> Krzysztof Taraszka wrote:
>>>
>>>> 2009/8/23 Daniel Lezcano
>&g
Krzysztof Taraszka wrote:
> 2009/8/24 Daniel Lezcano
>
>> Krzysztof Taraszka wrote:
>>
>>> 2009/8/23 Daniel Lezcano
>>>
>>> (...)
>>>
>>>
>>>
>>>
>>>> With the lxc tools I did:
>>>&
Krzysztof Taraszka wrote:
> 2009/8/23 Daniel Lezcano
>
> (...)
>
>
>
>> With the lxc tools I did:
>>
>>lxc-execute -n foo /bin/bash
>>echo 268435456 > /cgroup/foo/memory.limit_in_bytes
>>mount --bind /cgroup/foo/memo
Krzysztof Taraszka wrote:
> 2009/8/23 Daniel Lezcano
>
>> Krzysztof Taraszka wrote:
>>
>>> 2009/8/23 Krzysztof Taraszka
>>>
>>>
>>>
>>>> 2009/8/23 Krzysztof Taraszka
>>>>
>>>&
Krzysztof Taraszka wrote:
> 2009/8/23 Krzysztof Taraszka
>
>
>> 2009/8/23 Krzysztof Taraszka
>>
>>
>>> 2009/8/23 Daniel Lezcano
>>>
>>>
>>>> Krzysztof Taraszka wrote:
>>>>
>&
Krzysztof Taraszka wrote:
> 2009/8/23 Daniel Lezcano
>
>> Krzysztof Taraszka wrote:
>>
>>> Hello,
>>>
>>> I am running lxc on my debian unstable sandbox and I have a few question
>>> about memory managament inside linux containers based on
Krzysztof Taraszka wrote:
> Hello,
>
> I am running lxc on my debian unstable sandbox and I have a few question
> about memory managament inside linux containers based on lxc project.
>
> I have got linux kernel 2.6.30.5 with enabled :
>
> +Resource counter
> ++ Memory Resource Controller for Co
ChangeLog:
commit c159cb963868d4646cf415abb064d8fd4b6ee848
Author: Daniel Lezcano
Date: Fri Jul 24 16:41:27 2009 +0200
fix the document according the current version
Remove the comment about sharing /dev and fix the lxc-ps option
format.
Signed-off-by: Dan
Grzegorz Nosek wrote:
> On śro, lip 22, 2009 at 06:48:55 -0700, H. Peter Anvin wrote:
>
>>> | Bisecting...
>>>
>
> 2.6.27 is good, 2.6.28 is bad. Some 600-odd revisions still to go (will
> continue in the evening).
>
>
>> Interesting... I have to say I'm more than a bit surprised that
Serge E. Hallyn wrote:
> Quoting Daniel Lezcano (dlezc...@fr.ibm.com):
>> Serge E. Hallyn wrote:
> ...
>> Checkpoint:
>> - The initiator of the checkpoint initialize the barrier and send a
>> signal SIGCKPT to all the checkpointable tasks and these ones wil
Serge E. Hallyn wrote:
> Quoting Balbir Singh (bal...@linux.vnet.ibm.com):
>
>> On Tue, Jun 23, 2009 at 8:26 PM, Serge E. Hallyn wrote:
>>
>>> A topic on ksummit agenda is 'containers end-game and how do we
>>> get there'.
>>>
>>> So for starters, looking just at application (and system) co
Serge E. Hallyn wrote:
> A topic on ksummit agenda is 'containers end-game and how do we
> get there'.
>
> So for starters, looking just at application (and system) containers, what do
> the libvirt and liblxc projects want to see in kernel support that is
> currently
> missing? Are there spec
Adam Majer wrote:
> chrdev_open + 0x148/0x167
> chrdev_open + 0x0/0x167
> __dentry_open + 0x148/0x260
> do_flip_open + 0x468/0x85a
> alloc_fd +
> do_sys_gen + ...
> system_call_fastpath +
>
> RIP tty_open
which kernel are you using ? could you run
Adam Majer wrote:
> Daniel Lezcano wrote:
>>> Is this a known problem? If not, I'll provide the backtrace.
>> Yes, please, maybe I am missing something but I was not able to
>> reproduce it.
>
> I see to be failing at being able to safe this segfault. The co
Paul Menage wrote:
> On Thu, Jun 18, 2009 at 11:36 AM, Daniel Lezcano
> wrote:
>
>> There isn't a rule saying that we will inherit the values set by the parent
>> ? If it is case, maybe we can remove the ns_cgroup and fix the cpuset at the
>> same time, no ?
&g
Serge E. Hallyn wrote:
> Quoting Paul Menage (men...@google.com):
>
>> On Wed, Jun 17, 2009 at 2:26 PM, Serge E. Hallyn wrote:
>>
>>> The ns cgroup is really only good for preventing root in a container
>>> from escaping its cgroup-imposed limits. The same can be done today
>>> using smack
Hi,
I noticed two different behaviours, the second one looks weird for me:
1) when the cgroup is manually created:
mkdir /cgroup/foo
echo $$ > /cgroup/foo/tasks
only the "attach" callback is called as expected.
2) when the cgroup is automatically created via the ns_cgroup wi
Miguel F Mascarenhas Sousa Filipe wrote:
> On Fri, Jun 5, 2009 at 2:59 PM, Serge E. Hallyn wrote:
>
>> Quoting Miguel F Mascarenhas Sousa Filipe (miguel.fil...@gmail.com):
>>
>>> Hello,
>>>
>>> I'm trying to play with lxc, but I'm unable to start a container
>>> created with lxc-debian in t
5)
* Michel Normand fixed libtool copy problem when compiling in a
directory different from the source tree
* Daniel Lezcano cleaned up some code and improve container creation
* Cedric Le Goater added a new logging facility
* Môshe van der Sterre fixed inherited tty fd in the
Daniel Lezcano wrote:
> Babu N wrote:
>
>> Hi,
>>
>> I am finding that a unshare call with CLONE_NEWNET is giving error in
>> ubuntu 8.10 (kernet version 2.6.27).
>> The man page here
>> (http://manpages.courier-mta.org/htmlman2/clone.2.html) states t
Babu N wrote:
> Hi,
>
> I am finding that a unshare call with CLONE_NEWNET is giving error in
> ubuntu 8.10 (kernet version 2.6.27).
> The man page here
> (http://manpages.courier-mta.org/htmlman2/clone.2.html) states that
> CLONE_NEWNET implementation is not yet complete, but probably will be
Chris R. Jones wrote:
> I have a couple of basic configuration questions on linux containers. I'm
> using lxc-0.6.1.
>
> I'm trying to configure a setup where I have two containers, where the only
> virtualized/isolated resources are network resources, but I can still do IPC
> between processes
Eric W. Biederman wrote:
> Daniel Lezcano writes:
>
>
>> I resurrected it for lxc userspace tool.
>>
>
> Makes sense. I had not seen that before.
>
> On that note I need to expect I need to sync up on user space tools
> so that we can have one
Eric W. Biederman wrote:
> Daniel Lezcano writes:
>
>
>> Matt Helsley wrote:
>>
>>> Argh, forgot to mention it's a patch for liblxc and not a kernel patch!
>>>
>>> Also I'm taking lxc-de...@lists.sf.net off Cc since it seems to
* fixes several compilation problems and arch dependant buggy functions.
* adds mtu option setting - Takano, thanks for the benchmarking and the
analysis :)
* fixes capabilties dilemma by letting the user to set / drop the
capabilities via 'lxc-setcap'
* fixes bind mounts to be propagated to the
anqin wrote:
>> What compilation error do you have ?
>>
>
> The compilation error is:
>
> --
> ...
> In file included from start.c:55:
> ../../src/lxc/lxc.h:175: warning: type qualifiers ignored on function
> return type
> start.c: In function 'lxc_start':
> start.c:339: error
anqin wrote:
> but I met comilation error when run "make" in lxc-0.6.0.
>
> It seems lose the libcap-devel.
>
> And, I installed the libcap-devel-2.16.rpm and retried again, but
> nothing help.
>
> Any help?
What compilation error do you have ?
___
Co
Matt Helsley wrote:
> Add signalfd and signalfd4 syscall number definitions for powerpc so
> that we may compile even with older platform headers.
>
> Signed-off-by: Matt Helsley
>
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 476d695..051e70c 100644
> --- a/src/lxc/start.c
Applied.
Matt Helsley wrote:
> Argh, forgot to mention it's a patch for liblxc and not a kernel patch!
>
> Also I'm taking lxc-de...@lists.sf.net off Cc since it seems to refuse email
> from non-members.
>
I changed the option in mailman, that should be fixed.
Ryousei Takano wrote:
> Hi Eric,
>
> On Thu, Mar 19, 2009 at 9:50 AM, Eric W. Biederman
> wrote:
>
> [snip]
>
>> Bridging last I looked uses the least common denominator of hardware
>> offloads. Which likely explains why adding a veth decreased your
>> bridging performance.
>>
> At least now L
Ryousei Takano wrote:
> Hi all,
>
> I am evaluating the networking performance of lxc on 10 Gigabit Ethernet by
> using netperf benchmark.
Thanks for doing benchmarking.
I did two years ago similar tests and there is an analysis of the
performances at:
http://lxc.sourceforge.net/network/benchs.p
Serge E. Hallyn wrote:
> Quoting Daniel Lezcano (daniel.lezc...@free.fr):
>
>> Serge E. Hallyn wrote:
>>
>>> Quoting Daniel Lezcano (daniel.lezc...@free.fr):
>>>
>>>
>>>> Dan Smith wrote:
>>>>
>>>
Cedric Le Goater wrote:
> Dan Smith wrote:
>
>> DL> I guess it will be esay to implement with a nsproxy level counter.
>> DL> Each time you unshare, the new nsproxy count is incremented.
>> DL> Assuming the init_nsproxy is level 0, when the nsproxy counter is
>> DL> > 1, the process is uncheckpo
Serge E. Hallyn wrote:
> Quoting Daniel Lezcano (daniel.lezc...@free.fr):
>
>> Dan Smith wrote:
>>
>>> DL> I guess it will be esay to implement with a nsproxy level counter.
>>> DL> Each time you unshare, the new nsproxy count is incremented.
&g
Dan Smith wrote:
> DL> I guess it will be esay to implement with a nsproxy level counter.
> DL> Each time you unshare, the new nsproxy count is incremented.
> DL> Assuming the init_nsproxy is level 0, when the nsproxy counter is
> DL> > 1, the process is uncheckpointable.
>
> This should also be po
Dan Smith wrote:
> DL> Assuming you have a process and this one unshared the network 100
> DL> times and each time opens a socket, how do you checkpoint these
> DL> namespaces ?
>
>
>>> What's the argument for depending on userspace to set this up?
>>>
>>>
> DL> Maybe, CR of the namespace
Dan Smith wrote:
> NL> I'd like there to be some discussion about this, because namespace
> NL> creation seems like a significant addition to the semantics of
> NL> restart as I understand it.
>
> Indeed.
>
> NL> Is namespace creation during restart unavoidable, or merely
> NL> desirable? Is there
Serge E. Hallyn wrote:
> Switch the flags and sp for sys_clone for s390.
>
> Without this, lxc-execute gets a segfault on clone (of course).
> With this, it succeeds.
>
> Signed-off-by: Serge Hallyn
> ---
Applied thanks for the fix.
___
Containers mai
Serge E. Hallyn wrote:
> define s390x signalfd for systems with headers which are too
> old.
>
> Signed-off-by: Serge Hallyn
> ---
Applied, thanks Serge.
___
Containers mailing list
contain...@lists.linux-foundation.org
https://lists.linux-foundation.o
Matt Helsley wrote:
> nbargs isn't used for anything in lxc_unshare.c. Remove it.
>
> Signed-off-by: Matt Helsley
> ---
>
Applied. Fixed a space before a tabulation.
Thanks.
___
Containers mailing list
contain...@lists.linux-foundation.org
https://l
Matt Helsley wrote:
> On Mon, 2009-02-09 at 15:43 -0800, Dan Smith wrote:
>
>> DL> It may be possible to use yum like debootstrap for an minbase
>> DL> fedora install.
>>
>> Yep, something like the following should work:
>>
>> root=/path/to/tmproot
>> mkdir -p $root/var/lib/rpm
>> rpm --ro
Matt Helsley wrote:
> Add the ability to lookup usernames and check uids. Bails out early if the
> given
> uid/name does not exist and avoids using atoi() (which is bad because we can't
> tell if it parsed an int or a pumpkin).
>
> Signed-off-by: Matt Helsley
>
Applied. Fixed a space before a
Greg Kurz wrote:
> On Sat, 2009-03-07 at 20:43 +0100, Daniel Lezcano wrote:
>
>> case LINUX_REBOOT_CMD_HALT:
>> - kernel_halt();
>> - unlock_kernel();
>> - do_exit(0);
>> + if (power
simple prototype for the first case, added in attachment.
For the second case, I didn't had time to do it yet as it is not so
trivial because we force an exec of another process.
Subject: kill the pid 1 process at shutdown
From: Daniel Lezcano
This patch makes the pid 1 to be killed wh
Hi all,
the lxc source code repository is now under git at:
http://lxc.git.sourceforge.net/
please do no use cvs as it won't be kept up-to-date.
Thanks.
-- Daniel
___
Containers mailing list
contain...@lists.linux-foundation.org
https://lists.linu
David Miller wrote:
> From: Daniel Lezcano
> Date: Wed, 25 Feb 2009 13:43:29 +0100
>
>
>> I don't see these patches in the net-2.6 tree. Shouldn't they be in
>> net-2.6 too ?
>>
>
> Ok, I'll think about c
Eric W. Biederman wrote:
> 6 months ago when I introduced net_alive I fixed the symptoms
> but I failed to properly fix network namespace shutdown.
>
> I realized this when I received a bug report on Tuesday about a
> failure in icmp_send caused by packets in the arp_gueue.
>
> It turns out that th
Serge E. Hallyn wrote:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>
>> Daniel Lezcano writes:
>>
>>
>>> But if I am able to create a new instance of devpts for a container and
>>> modify
>>> the configuration of another devp
anqin wrote:
>>> BTW, I don't know how to submit a "useful" patch to kernel community. Or,
>>> maybe the patch is not useful at all and maybe has been developed by other
>>> developers. I very appreciate if both of experts could give me some
>>> commend.
>>> I will continue to develop cgroup-relate
modifications:
2009-02-20 15:13 dlezcano
* scripts/lxc-debian.in: Add the pts configuration for lxc-debian
From: Daniel Lezcano
Add the pts configuration when creating a debian container.
Signed-off-by: Daniel Lezcano
2009-02-16 12:25 dlezcano
anqin wrote:
> Dear Daniel and Serge,
>
> For unified management of resources (CPU, memory, disk, network),
> I (and Ian) developed a cgroup subsystem to control the usage
> of disk quota.
>
> The subsystem for disk quota (disk_cgroup, to be brief) does accounting
> of inode and block allocated b
anqin wrote:
>> from the perspective of an application developer, this approach would
>> be perfect if we could have some IO bandwidth reservation mechanism
>> like disk.usage_io_usage (perhaps per disk...).
>>
>>
>
> Indeed, that is my next job (exactly, current job).
>
> Although Paolo Valen
H. Peter Anvin wrote:
> Daniel Lezcano wrote:
>>>
>>> Resource limit partitioning is a much bigger and orthogonal problem.
>>>
>> In this case we don't have the pty allocated independently, no ?
>> I mean one container can allocate 4095 pty, making
H. Peter Anvin wrote:
> Daniel Lezcano wrote:
>
>> suka...@linux.vnet.ibm.com wrote:
>>
>>> Enable multiple instances of devpts filesystem so each container can
>>> allocate
>>> ptys independently.
>>>
>>>
>>
suka...@linux.vnet.ibm.com wrote:
> Enable multiple instances of devpts filesystem so each container can allocate
> ptys independently.
>
Hi suka,
It looks like the /proc/sys/kernel/pty/max and nr are not virtualized.
Modifying in the container the "max" pty, that impacts the init_pty.
Same as
Sukadev Bhattiprolu wrote:
> Patch 5/7 is new in this set and fixes a bug. Remaining patches are
> just a forward-port from previous version and I believe they address
> all comments I have received.
>
> Oleg please sign-off/ack if you agree.
>
> ---
>
> Container-init must behave like global-init
Daniel Lezcano wrote:
> Eric W. Biederman wrote:
>
>> Daniel Lezcano writes:
>>
>>
>>
>>> Eric W. Biederman wrote:
>>>
>>>
>>>> Daniel Lezcano writes:
>>>>
>>>>
Eric W. Biederman wrote:
> Daniel Lezcano writes:
>
>
>> Eric W. Biederman wrote:
>>
>>> Daniel Lezcano writes:
>>>
>>>
>>>> Hmm, at the first glance I would say it is useless but perhaps there is a
>>>>
Eric W. Biederman wrote:
> Daniel Lezcano writes:
>
>> Hmm, at the first glance I would say it is useless but perhaps there is a
>> trick
>> here I do not understand.
>> Eric, is there any particular reason to call synchronize_net before exiting
>> the
Nicolas Dichtel wrote:
> Le 10.02.2009 17:40, Daniel Lezcano a écrit :
>> Nicolas Dichtel wrote:
>>> Le 06.02.2009 23:10, David Miller a écrit :
>>>> From: Nicolas Dichtel
>>>> Date: Fri, 06 Feb 2009 14:50:53 +0100
>>>>
>>>>
Nicolas Dichtel wrote:
> Le 06.02.2009 23:10, David Miller a écrit :
>> From: Nicolas Dichtel
>> Date: Fri, 06 Feb 2009 14:50:53 +0100
>>
>>> If namespace is destroyed after this function, then cleanup_net()
>>> will ensure that nobody is looking at it
>>
>> Maybe, but you better get some opinions
Matt Helsley wrote:
> On Mon, 2009-02-09 at 18:14 +0100, Daniel Lezcano wrote:
>
>> Matt Helsley wrote:
>>
>>> With the release of lenny nearing this patch may soon be useful.
>>>
>>> Signed-off-by: Matt Helsley
>>> ---
>>
Matt Helsley wrote:
> With the release of lenny nearing this patch may soon be useful.
>
> Signed-off-by: Matt Helsley
> ---
> scripts/lxc-debian.in |4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> Index: lxc/scripts/lxc-debian.in
> ==
Dietmar Maurer wrote:
>> cvs -d:pserver:anonym...@lxc.cvs.sourceforge.net:/cvsroot/lxc login
>> cvs -z3 -d:pserver:anonym...@lxc.cvs.sourceforge.net:/cvsroot/lxc co
>>
> -P
>
>> /lxc/
>>
>
> lxc# ./bootstrap
> + test -d autom4te.cache
> + ACLOCAL_AMFLAGS='-I m4 -I config '
> + libtooli
Matt Helsley wrote:
> If lxc-debian fails or is interrupted during debootstrap then the next
> invocation of lxc-debian breaks because it only checks for the existence
> of the directory. This forces the user to remove the cache by hand to
> retry the create step.
>
> Let's allow the user to re-run
Matt Helsley wrote:
> On Thu, 2009-02-05 at 01:29 -0800, Matt Helsley wrote:
>
>> On Thu, 2009-02-05 at 10:20 +0100, Daniel Lezcano wrote:
>>
>>> Matt Helsley wrote:
>>>
>>>> lxc-debian fails unless the directories a given rootfs needs
Matt Helsley wrote:
> lxc-debian fails unless the directories a given rootfs needs already
> exist. To fix this without relying on any particular function call order
> we can do: mkdir -p `dirname PATH/TO/FILE`
> before actually making the file.
>
> Signed-off-by: Matt Helsley
> ---
>
Do you ha
Serge E. Hallyn wrote:
> Quoting Daniel Lezcano (daniel.lezc...@free.fr):
>
>> Dietmar Maurer wrote:
>>
>>> Hi Daniel,
>>>
>>> I think we should have several options for the root storage:
>>>
>>> 1.) simply use the host filesys
Dietmar Maurer wrote:
> Another tty problem arises from the implementation of sysv-init/upstart.
> Let me explain:
>
> sysv-init uses /dev/console (or ENV[CONSOLE]), and randomly close/reopen
> that device.
>
> upstart also uses /dev/console, and also randomly close/reopen that
> device.
>
> So far
Dietmar Maurer wrote:
> Hi Daniel,
>
> I think we should have several options for the root storage:
>
> 1.) simply use the host filesystem (like Openvz)
>
> - special quota support is needed (simfs?)
>
> - quota support depends on ext3 fs, so this only works for
> local attached
Dietmar Maurer wrote:
> Hi Daniel,
>
> what is libcgroup, and how does that relate to the lxc-container
> library?
>
The libcgroup is a C mapping library for the cgroup file system API +
saving of the cgroup configuration.
The liblxc directly addresses the cgroup fs without using the libcgroup.
Matt Helsley wrote:
> The lxc-debian script does not consistently address the lxc lock as
> @LOCALSTATEDIR@/lock/subsys/lxc. Make consistent use of the autotools
> substitution to completely enable configure --prefixes.
>
> I also added a comment explaining why some of the paths didn't need
> autoc
Serge E. Hallyn wrote:
> Quoting Daniel Lezcano (daniel.lezc...@free.fr):
>
>> Hi,
>>
>> While trying to unshare a namespace with the clone syscall with an
>> inifinite loop, I got an EEXIST.
>> That looks weird to have such syscall returning EEXIST ... :)
&
Hi,
While trying to unshare a namespace with the clone syscall with an
inifinite loop, I got an EEXIST.
That looks weird to have such syscall returning EEXIST ... :)
After investigating, it appears the ns_cgroup creates automatically a
control group named with the pid number when we call the cl
ch...@versecorp.net wrote:
>>> Yes, ultimately we'll need the physical device inside the same namespace
>>> as our application. Our application does a lot of management on the
>>> interface,
>>> monitoring things like the interface's link-pulse and such, and that
>>> wouldn't
>>> be available th
ch...@versecorp.net wrote:
> On Wed, Jan 14, 2009 at 01:26:34PM -0600, Serge E. Hallyn wrote:
>
>> Quoting Daniel Lezcano (daniel.lezc...@free.fr):
>>
>>> ch...@versecorp.net wrote:
>>>
>>>> On Wed, Jan 14
ch...@versecorp.net wrote:
> On Wed, Jan 14, 2009 at 09:50:29AM +0100, Daniel Lezcano wrote:
>
>> Guenter Roeck wrote:
>>
>>> As far as I recall, if you have sysfs active and use the sysfs patch to
>>> let you configure both sysfs and network names
Guenter Roeck wrote:
> As far as I recall, if you have sysfs active and use the sysfs patch to
> let you configure both sysfs and network namespaces, you can only move
> virtual interfaces into a network namespace.
>
> Guenter
>
Ah ! yes, you are right :)
The current upstream implementation all
ch...@versecorp.net wrote:
[r...@c100273 iproute2-2.6.25]# ps aux | grep tcsh
root 21918 0.0 0.0 71036 2084 pts/1S+ 16:47 0:00 -bin/tcsh
root 22008 0.0 0.0 61144 716 pts/2R+ 16:57 0:00 grep tcsh
[r...@c100273 iproute2-2.6.25]# ip/ip link set
ch...@versecorp.net wrote:
> On Mon, Jan 12, 2009 at 04:51:40PM -0600, Serge E. Hallyn wrote:
>
>>> But I'm having trouble assigning an interface over to that container.
>>>
>>> I tried doing:
>>> # echo > /sys/class/net/eth4/new_ns_pid
>>>
>>> But there are no entries in sysfs calle
Ian jonhson wrote:
> hmm... so many patches need to be patched in current kernel mainstream?
>
> I am now using the kernel version:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/daveh/linux-2.6-lxc.git
>
> It seems the linux-2.6-lxc has not been updated for a couple of months
> because I got "
Ian jonhson wrote:
>> With what version of the kernel due you see this problem. The memory
>> controller is undergoing a churn and I think we found something that
>> potentially breaks the memory controller in the current -mm. To verify
>>
> I am not sure whether the -mm is opened. I just opened th
Sargun Dhillon wrote:
> I'm getting an error when I try to compile the netunshare tool.
> Do you have any ideas to the error:
>
> netunshare.c:50: error: conflicting types for 'unshare'
> /usr/include/bits/sched.h:78: error: previous declaration of 'unshare' was
> here
>
There is the lxc tools
Serge E. Hallyn wrote:
> The devcgroup_inode_permission() hook in the devices whitelist
> cgroup has always bypassed access checks on fifos. But the
> mknod hook did not. The devices whitelist is only about block
> and char devices, and fifos can't even be added to the whitelist,
> so fifos can't
Serge E. Hallyn wrote:
> Quoting Daniel Lezcano ([EMAIL PROTECTED]):
>> Serge E. Hallyn wrote:
>>> Quoting Matt Helsley ([EMAIL PROTECTED]):
>>>> #
>>>> # Write some reasonable default device whitelist rules
>>>
Serge E. Hallyn wrote:
> Quoting Matt Helsley ([EMAIL PROTECTED]):
>>> (this is the code i inserted into the old lxc-debian command,
>>> haven't checked if i need to change it for the new one)
>>>
>>> echo "lxc.cgroup.devices.deny = a" >> $CONFFILE
>>> # /dev/null and zero
>>> echo "lxc
Serge E. Hallyn wrote:
> Hi Daniel,
>
> to create a debian-based container using lxc-debian on fedora 10,
> I needed to just a couple of things:
>
> 1. iptables -F :) Grrr.
>
> 2. Right above the debootstrap command, I had to fool
> chage (used during openssh configuratio
Greg KH wrote:
> On Mon, Nov 24, 2008 at 11:50:34AM +0100, Daniel Lezcano wrote:
>
>> Subject: Handle uevent per namespace
>> From: Daniel Lezcano <[EMAIL PROTECTED]>
>>
>> At present when a network device is destroyed, inside a network
>> namespace
Kay Sievers wrote:
> On Mon, Nov 24, 2008 at 11:50, Daniel Lezcano <[EMAIL PROTECTED]> wrote:
>
> struct kobject {
> const char *name;
> struct list_headentry;
> @@ -63,6 +65,9 @@ struct kobject {
> struct kset *kse
Subject: Handle uevent per namespace
From: Daniel Lezcano <[EMAIL PROTECTED]>
At present when a network device is destroyed, inside a network
namespace, and this device has the same name as one network device
belonging to the initial network namespace (eg. eth0), the udev daemon
will d
Daniel Lezcano wrote:
> Serge E. Hallyn wrote:
>> Hi Daniel,
>>
>> I'm playing with liblxc containers and the device whitelist cgroup.
>> One thing which makes the devices cgroup unique from the others is
>> that there can be many entries to the devices.allow
Serge E. Hallyn wrote:
> Hi Daniel,
>
> I'm playing with liblxc containers and the device whitelist cgroup.
> One thing which makes the devices cgroup unique from the others is
> that there can be many entries to the devices.allow (and in theory
> also to devices.deny) file. liblxc doesn't suppor
Cedric Le Goater wrote:
> Daniel Lezcano wrote:
>> Michael Kerrisk wrote:
>>>> On Fri, Oct 31, 2008 at 4:56 PM, Daniel Lezcano <[EMAIL PROTECTED]> wrote:
>>>>> This patch adds the socketat syscall which allows to specify in
>>>>> which
Michael Kerrisk wrote:
>> On Fri, Oct 31, 2008 at 4:56 PM, Daniel Lezcano <[EMAIL PROTECTED]> wrote:
>>> This patch adds the socketat syscall which allows to specify in
>>> which network namespace we want to create a socket. The network
>>> namespace
201 - 300 of 621 matches
Mail list logo