On Wed, Oct 01, 2008 at 01:19:04PM -0700, Dan Smith wrote:
> This patch adds code to the controller to set up a cgroup named after the
> domain name, set the memory limit, and restrict devices. It also
> adds bits to lxc_driver to properly clean up the cgroup on domain death.
>
> If virCgroupHaveSupport() says that no support is available, then we just
> allow the domain creation to proceed as it did before without resource
> controls in place.
> +
> + rc = virCgroupForDomain(def, &cgroup);
> + if (rc != 0) {
> + fprintf(stderr, "Unable to create cgroup for %s\n", def->name);
> + goto out;
> + }
Should use lxcError() here - as things are setup by virExec(), calls to
lxcError() call to virRaiseError() which ultimately calls fprintf(). By
using lxcError() can we more easily change logging later if needed.
> +
> + rc = virCgroupSetMemory(cgroup, def->maxmem);
> + if (rc != 0)
> + goto out;
> +
> + rc = virCgroupDenyAllDevices(cgroup);
> + if (rc != 0)
> + goto out;
> +
> + for (i = 0; devices[i].type != 0; i++) {
> + struct cgroup_device_policy *dev = &devices[i];
> + rc = virCgroupAllowDevice(cgroup,
> + dev->type,
> + dev->major,
> + dev->minor);
> + if (rc != 0)
> + goto out;
> + }
> +
> + rc = virCgroupAddTask(cgroup, getpid());
> +out:
> + virCgroupFree(&cgroup);
> +
> + if (rc != 0)
> + fprintf(stderr, "Failed to set lxc resources: %s\n", strerror(-rc));
Likewise here use lxcError().
I think we need to virCgroupRemove() in the error path to cleanup
a partially constructed cgroup ?
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list