IIUC, the real problem is that src/cgroup.c assumes that the cgroup name should be $CGROUP_MOUNTPOINT/groupname. But of course if the ns cgroup is enabled, then the unshare(CLONE_NEWNS) to create a new namespace in which to mount the new devpts locks the driver under $CGROUP_MOUNTPOINT/<pid_of_driver>/ or somesuch. If this fixes the problem I have no objections, but it seems more fragile than perhaps trying to teach src/cgroup.c to consider it's current cgroup as a starting point. -serge Quoting Ryota Ozaki (ozaki.ryota@xxxxxxxxx): > >From 46531182708dc3eb132b14ce2f23fbc639430176 Mon Sep 17 00:00:00 2001 > From: Ryota Ozaki <ozaki.ryota@xxxxxxxxx> > Date: Fri, 8 May 2009 05:31:03 +0900 > Subject: [PATCH] lxc: fix for ns cgroups subsystem > > lxc does not work if ns cgroups subsystem is enabled because > of two factors; one is that ns has a special rule to create > a group[*] unlike other subsystems and the other is lxc > controller creates a new namespace for /dev/pts prior to > create a new group for a domain. Unfortunately the new > namespace breaks the rule of ns and that prevents a lxc > controller from creating a new group. > > This patch addresses the problem by creating a new group > before creating a new namespace (i.e. call unshare syscall). > > Note that this patch is only for the case ns is enabled and > current code works well if it disabled. However, I think > this patch makes sense because not just a few users know > much about cgroups and likely to enable all of subsystems > without notions (i.e. mount cgroups without any options). > > [*] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/ns_cgroup.c;hb=HEAD > --- > src/lxc_controller.c | 6 +++--- > 1 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/lxc_controller.c b/src/lxc_controller.c > index e0fb05d..1231817 100644 > --- a/src/lxc_controller.c > +++ b/src/lxc_controller.c > @@ -458,6 +458,9 @@ lxcControllerRun(virDomainDefPtr def, > goto cleanup; > } > > + if (lxcSetContainerResources(def) < 0) > + goto cleanup; > + > root = virDomainGetRootFilesystem(def); > > /* > @@ -543,9 +546,6 @@ lxcControllerRun(virDomainDefPtr def, > } > > > - if (lxcSetContainerResources(def) < 0) > - goto cleanup; > - > if ((container = lxcContainerStart(def, > nveths, > veths, > -- > 1.6.0.6 > > -- > Libvir-list mailing list > Libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list