On 26.01.2016 15:37, Daniel P. Berrange wrote:
> On the host when we start a container, it will be
> placed in a cgroup path of
>
>   /machine.slice/machine-lxc\x2ddemo.scope
>
> under /sys/fs/cgroup/*
>
> Inside the containers' namespace we need to set up
> /sys/fs/cgroup mounts, and currently will bind
> mount /machine.slice/machine-lxc\x2ddemo.scope on
> the host to appear as / in the container.
>
> While this may sound nice, it confuses applications
> dealing with cgroups, because /proc/$PID/cgroup
> now does not match the directory in /sys/fs/cgroup
>
> This particularly causes problems for systems and
> will make it create repeated path components in
> the cgroup for apps run in the container eg
>
>   /machine.slice/machine-lxc\x2ddemo.scope/machine.slice/machine-lxc\x2ddemo.scope/user.slice/user-0.slice/session-61.scope
>
> This also causes any systemd service that uses
> sd-notify to fail to start, because when systemd
> receives the notification it won't be able to
> identify the corresponding unit it came from.
> In particular this breaks rabbitmq-server startup
>
> Future kernels will provide proper cgroup namespacing
> which will handle this problem, but until that time
> we should not try to play games with hiding parent
> cgroups.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
>  src/libvirt_private.syms | 2 +-
>  src/lxc/lxc_container.c | 2 +-
>  src/util/vircgroup.c | 9 ++++-----
>  src/util/vircgroup.h | 6 +++---
>  4 files changed, 9 insertions(+), 10 deletions(-)

ACK

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
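
The mismatch described in the quoted commit message, shown as an added example that is not part of the original thread or of libvirt's code: a checker that resolves each cgroup v1 entry from `/proc/$PID/cgroup` against a `/sys/fs/cgroup`-style tree and reports the entries with no matching directory. The function names, the temporary directory layouts and the mount-naming rule are assumptions made for illustration; the sample data is constructed from the scope path in the message.

```python
import os
import tempfile

# Constructed sample: the scope path from the commit message, written as
# cgroup v1 /proc/<pid>/cgroup lines ("hierarchy-ID:controller-list:path").
SCOPE = "/machine.slice/machine-lxc\\x2ddemo.scope"
PROC_CGROUP = f"4:memory:{SCOPE}\n1:name=systemd:{SCOPE}\n"

def parse_proc_cgroup(text):
    """Return (controller-list, path) for each cgroup v1 line."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            _hier_id, controllers, path = line.split(":", 2)
            entries.append((controllers, path))
    return entries

def find_mismatches(proc_text, sysfs_root):
    """List entries whose path has no matching directory under sysfs_root."""
    missing = []
    for controllers, path in parse_proc_cgroup(proc_text):
        if not controllers:  # "0::/path" is the cgroup v2 entry; skipped here
            continue
        # Assumption: each hierarchy is mounted at <root>/<controller-list>,
        # and named hierarchies ("name=systemd") drop the "name=" prefix.
        mount = controllers[5:] if controllers.startswith("name=") else controllers
        if not os.path.isdir(os.path.join(sysfs_root, mount, path.lstrip("/"))):
            missing.append((controllers, path))
    return missing

def demo():
    """Build both layouts in a temp dir; return (rebased, full) mismatch lists."""
    with tempfile.TemporaryDirectory() as tmp:
        rebased = os.path.join(tmp, "rebased")  # scope bind-mounted as "/"
        full = os.path.join(tmp, "full")        # parent cgroups left visible
        for mount in ("memory", "systemd"):
            os.makedirs(os.path.join(rebased, mount, "user.slice"))
            os.makedirs(os.path.join(full, mount, SCOPE.lstrip("/")))
        return (find_mismatches(PROC_CGROUP, rebased),
                find_mismatches(PROC_CGROUP, full))

if __name__ == "__main__":
    rebased, full = demo()
    print("rebased view, unresolved:", rebased)
    print("full view, unresolved:", full)
```

To run the same check inside a real container, pass the contents of `/proc/self/cgroup` and `/sys/fs/cgroup` to `find_mismatches`.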