Extend the lxc-enter-namespace command so that it joins the
containers' cgroups before starting new namespaces. This
ensures that the commands run have the normal resource
limits applied
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
tools/virsh-domain.c | 3 +++
tools/virsh.pod | 7 ++++---
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 6d4265c..716db84 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9328,6 +9328,9 @@ cmdLxcEnterNamespace(vshControl *ctl, const vshCmd *cmd)
0) < 0)
_exit(EXIT_CANCELED);
+ if (virDomainLxcEnterCGroup(dom, 0) < 0)
+ _exit(EXIT_CANCELED);
+
if (virDomainLxcEnterNamespace(dom,
nfdlist,
fdlist,
diff --git a/tools/virsh.pod b/tools/virsh.pod
index d2cc5b2..a38b33f 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -4175,9 +4175,10 @@ omitted.
Enter the namespace of I<domain> and execute the command C</path/to/binary>
passing the requested args. The binary path is relative to the container
root filesystem, not the host root filesystem. The binary will inherit the
-environment variables / console visible to virsh. This command only works
-when connected to the LXC hypervisor driver. This command succeeds only
-if C</path/to/binary> has 0 exit status.
+environment variables / console visible to virsh. The command will be run
+with the same sVirt context and cgroups placement as processes within the
+container. This command only works when connected to the LXC hypervisor
+driver. This command succeeds only if C</path/to/binary> has 0 exit status.
=back
--
2.5.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list