On Fri, Oct 03, 2008 at 08:40:24AM -0700, Dan Smith wrote:
> This patch adds code to the controller to set up a cgroup named after the
> domain name, set the memory limit, and restrict devices. It also
> adds bits to lxc_driver to properly clean up the cgroup on domain death.
>
> If virCgroupHaveSupport() says that no support is available, then we just
> allow the domain creation to proceed as it did before without resource
> controls in place.

> + struct cgroup_device_policy devices[] = {
> + {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_NULL},
> + {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_ZERO},
> + {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_FULL},
> + {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_RANDOM},
> + {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_URANDOM},
> + {'c', VIR_CG_DEV_MAJ_TTY, VIR_CG_DEV_MIN_CONSOLE},
> + {0, 0, 0}};

You're going to hate me for suggesting more changes, but....

This list of devices is currently duplicated in two places - once here
where we set permissions, and again when we actually create the container
and populate its /dev/ in lxc_container.c. Could do with a master list
of device nodes used by both.

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
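
Review bot: the `devices[]` table is declared without `static const` even though it is a fixed allow-list terminated by `{0, 0, 0}`; marking it `static const` keeps the set of permitted device nodes immutable. Each entry also carries only a type, a major and a minor, so the access mode granted on these nodes is not visible in the table. A short comment above it stating which access is allowed, and why each node is needed inside the container, would make the allow-list easier to audit.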