On 2012-10-08 08:43, Gao feng wrote:
> On 2012-09-26 02:37, Daniel P. Berrange wrote:
>> > On Tue, Sep 11, 2012 at 10:54:48AM +0800, Gao feng wrote:
>>> >> this patch adds fuse support for libvirt lxc.
>>> >> we can use fuse filesystem to generate sysinfo dynamically,
>>> >> So we can isolate /proc/meminfo, cpuinfo and so on through
>>> >> fuse filesystem.
>>> >>
>>> >> we mount fuse filesystem for every container. the mount name
>>> >> is Lxc-containename-fuse, mount point is
>>> >> localstatedir/run/libvirt/lxc/containername.
>>> >>
>>> >> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
>> >
>>> >> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c >>> >> index e5aea11..c5f4951 100644 >>> >> --- a/src/lxc/lxc_controller.c >>> >> +++ b/src/lxc/lxc_controller.c >>> >> @@ -1657,6 +1659,14 @@ int main(int argc, char *argv[]) >>> >> } >>> >> } >>> >> >>> >> + rc = virThreadCreate(&thread, true, lxcRegisterFuse, >>> >> + (void *)ctrl->def); >>> >> + if (rc < 0) { >>> >> + virReportSystemError(-rc, "%s", >>> >> + _("Create Fuse filesystem failed")); >>> >> + goto cleanup; >>> >> + } >>> >> +
>> >
>> > This is the wrong place to start FUSE. At this point the LXC
>> > controller is still sharing its mount namespace with the host
>> > OS. This causes the FUSE mount for each container to become
>> > visible in the host, which is not what we want.
> Sorry for the delay.
>
> I think it's correct, because host can see container's meminfo
> through cgroup too. Now the container's cgroup can be seen and
> modified in container too, I don't know why this is necessary?
>

Hi Daniel

Can you give me some comments?

Thanks!
Gao
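Review bot: In the error branch of the block added to main() in src/lxc/lxc_controller.c, virReportSystemError(-rc, ...) treats the return value as a negated errno; if virThreadCreate follows the usual libvirt convention of returning -1 with errno set, this reports errno 1 (EPERM) instead of the real cause, so pass errno rather than -rc. The thread is created joinable (second argument true) but no join is visible in this hunk, and it is handed ctrl->def as a raw pointer, so the patch should state who joins the thread and what keeps the definition valid once main() reaches its cleanup paths. The (void *) cast on ctrl->def is not needed in C. Since the quoted review points out that the controller still shares the host's mount namespace at this point in main(), a comment at the call site saying which namespace the FUSE mount is expected to land in would make that placement reviewable.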