This series of patches introduces cgroups support to the QEMU driver. At this time it uses the 'devices' controller to whitelist block devices for QEMU guests to prevent unauthorized access. It uses the 'cpu_shares' controller to allow schedular tunables on a per guest basis. In the future we should use the 'memory' controller to enforce the limit set in the balloon driver ie if the guest does not honour the balloon request, then force the guest into swap, avoiding host overcommit. There is also some refactoring of the cgroups code to remove the assumption that libvirtd is starting in the root cgroup, remove the requirement that all controllers be active, and allow for use in non-privileged drivers. Daniel P. Berrange (7): Use enums for cgroup controller types / labels Use virFileReadAll/virFileWriteStr for key cgroup read/write helpers Make cgroups a little more efficient Place every QEMU guest in a private cgroup Implement schedular tunables API using cgroups Use cgroups for block device whitelisting in QEMU guests Refactor cgroups to allow a group per driver to be managed directly src/cgroup.c | 861 ++++++++++++++++++++++++++-------------------- src/cgroup.h | 28 +- src/libvirt_private.syms | 1 + src/lxc_conf.h | 2 + src/lxc_controller.c | 19 +- src/lxc_driver.c | 25 +- src/qemu_conf.h | 2 + src/qemu_driver.c | 355 ++++++++++++++++++- src/util.c | 27 ++- src/util.h | 2 + 10 files changed, 904 insertions(+), 420 deletions(-) -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list