Hi Serge, On Fri, May 8, 2009 at 11:48 AM, Serge E. Hallyn <serue@xxxxxxxxxx> wrote: > IIUC, the real problem is that src/cgroup.c assumes that the > cgroup name should be $CGROUP_MOUNTPOINT/groupname. But of > course if the ns cgroup is enabled, then the unshare(CLONE_NEWNS) > to create a new namespace in which to mount the new devpts > locks the driver under $CGROUP_MOUNTPOINT/<pid_of_driver>/ > or somesuch. > > If this fixes the problem I have no objections, but it seems > more fragile than perhaps trying to teach src/cgroup.c to > consider it's current cgroup as a starting point. hmm, I don't know why the assumption is bad and how the approach you are suggesting helps the ns problem. Thanks, ozaki-r > > -serge > > Quoting Ryota Ozaki (ozaki.ryota@xxxxxxxxx): >> >From 46531182708dc3eb132b14ce2f23fbc639430176 Mon Sep 17 00:00:00 2001 >> From: Ryota Ozaki <ozaki.ryota@xxxxxxxxx> >> Date: Fri, 8 May 2009 05:31:03 +0900 >> Subject: [PATCH] lxc: fix for ns cgroups subsystem >> >> lxc does not work if ns cgroups subsystem is enabled because >> of two factors; one is that ns has a special rule to create >> a group[*] unlike other subsystems and the other is lxc >> controller creates a new namespace for /dev/pts prior to >> create a new group for a domain. Unfortunately the new >> namespace breaks the rule of ns and that prevents a lxc >> controller from creating a new group. >> >> This patch addresses the problem by creating a new group >> before creating a new namespace (i.e. call unshare syscall). >> >> Note that this patch is only for the case ns is enabled and >> current code works well if it disabled. However, I think >> this patch makes sense because not just a few users know >> much about cgroups and likely to enable all of subsystems >> without notions (i.e. mount cgroups without any options). >> >> [*] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/ns_cgroup.c;hb=HEAD >> --- >> src/lxc_controller.c | 6 +++--- >> 1 files changed, 3 insertions(+), 3 deletions(-) >> >> diff --git a/src/lxc_controller.c b/src/lxc_controller.c >> index e0fb05d..1231817 100644 >> --- a/src/lxc_controller.c >> +++ b/src/lxc_controller.c >> @@ -458,6 +458,9 @@ lxcControllerRun(virDomainDefPtr def, >> goto cleanup; >> } >> >> + if (lxcSetContainerResources(def) < 0) >> + goto cleanup; >> + >> root = virDomainGetRootFilesystem(def); >> >> /* >> @@ -543,9 +546,6 @@ lxcControllerRun(virDomainDefPtr def, >> } >> >> >> - if (lxcSetContainerResources(def) < 0) >> - goto cleanup; >> - >> if ((container = lxcContainerStart(def, >> nveths, >> veths, >> -- >> 1.6.0.6 >> >> -- >> Libvir-list mailing list >> Libvir-list@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/libvir-list > -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list