Hi, lxc does not work if ns cgroups subsystem is enabled because of two factors; one is that ns has a special rule to create a group[*] unlike other subsystems and the other is lxc controller creates a new namespace for /dev/pts prior to create a new group for a domain. Unfortunately the new namespace breaks the rule of ns and that prevents a lxc controller from creating a new group. This patch addresses the problem by creating a new group before creating a new namespace (i.e. call unshare syscall). Note that this patch is only for the case ns is enabled and current code works well if it disabled. However, I think this patch makes sense because not just a few users know much about cgroups and likely to enable all of subsystems without notions (i.e. mount cgroups without any options). [*] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/ns_cgroup.c;hb=HEAD Thanks, ozaki-r Signed-off-by: Ryota Ozaki <ozaki.ryota@xxxxxxxxx> >From 46531182708dc3eb132b14ce2f23fbc639430176 Mon Sep 17 00:00:00 2001 From: Ryota Ozaki <ozaki.ryota@xxxxxxxxx> Date: Fri, 8 May 2009 05:31:03 +0900 Subject: [PATCH] lxc: fix for ns cgroups subsystem lxc does not work if ns cgroups subsystem is enabled because of two factors; one is that ns has a special rule to create a group[*] unlike other subsystems and the other is lxc controller creates a new namespace for /dev/pts prior to create a new group for a domain. Unfortunately the new namespace breaks the rule of ns and that prevents a lxc controller from creating a new group. This patch addresses the problem by creating a new group before creating a new namespace (i.e. call unshare syscall). Note that this patch is only for the case ns is enabled and current code works well if it disabled. However, I think this patch makes sense because not just a few users know much about cgroups and likely to enable all of subsystems without notions (i.e. mount cgroups without any options). [*] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/ns_cgroup.c;hb=HEAD --- src/lxc_controller.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lxc_controller.c b/src/lxc_controller.c index e0fb05d..1231817 100644 --- a/src/lxc_controller.c +++ b/src/lxc_controller.c @@ -458,6 +458,9 @@ lxcControllerRun(virDomainDefPtr def, goto cleanup; } + if (lxcSetContainerResources(def) < 0) + goto cleanup; + root = virDomainGetRootFilesystem(def); /* @@ -543,9 +546,6 @@ lxcControllerRun(virDomainDefPtr def, } - if (lxcSetContainerResources(def) < 0) - goto cleanup; - if ((container = lxcContainerStart(def, nveths, veths, -- 1.6.0.6 -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list