On 2013/03/13 18:59, Daniel P. Berrange wrote:
> On Mon, Mar 11, 2013 at 02:26:49PM +0800, Gao feng wrote:
>> Since we can't mount cgroupfs in uninit user namespace >> now. only mount cgroupfs when userns is disabled. >> >> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx> >> --- >> src/lxc/lxc_container.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c >> index 5c66ae3..92af3e5 100644 >> --- a/src/lxc/lxc_container.c >> +++ b/src/lxc/lxc_container.c >> @@ -1979,7 +1979,8 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef, >> >> /* Now we can re-mount the cgroups controllers in the >> * same configuration as before */ >> - if (lxcContainerMountCGroups(mounts, nmounts, >> + if (vmDef->os.userns != VIR_DOMAIN_USER_NS_ENABLED && >> + lxcContainerMountCGroups(mounts, nmounts, >> cgroupRoot, sec_mount_options) < 0) >> goto cleanup; >> >> @@ -2087,7 +2088,8 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef, >> >> /* Now we can re-mount the cgroups controllers in the >> * same configuration as before */ >> - if (lxcContainerMountCGroups(mounts, nmounts, >> + if (vmDef->os.userns != VIR_DOMAIN_USER_NS_ENABLED && >> + lxcContainerMountCGroups(mounts, nmounts, >> cgroupRoot, sec_mount_options) < 0) >> goto cleanup;
>
> I'm not sure that this is the right approach for this. If we can't mount
> the cgroups filesystems, then we need to preserve the existing mounts from
> the host in some way, rather than unmounting them.
>

I wonder if we should use mount --bind to set up cgroupfs for the container. We can mount the directory /sys/fs/cgroup/memory/libvirt/lxc/domain of the host to the directory /sys/fs/cgroup/memory of the container.

This can also resolve the cgroup configuration leak problem, and can also resolve the "failed to mount cgroup" problem reported by Yin Olivia.
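Review bot: In the lxcContainerSetupPivotRoot hunk (@@ -1979,7 +1979,8 @@), the new `vmDef->os.userns != VIR_DOMAIN_USER_NS_ENABLED &&` guard makes the user-namespace case skip lxcContainerMountCGroups without any message, while the comment directly above it still reads "Now we can re-mount the cgroups controllers in the same configuration as before". With userns enabled nothing is re-mounted at this point, so the comment should say that the mount is skipped for user-namespace containers and why, and the commit message should state what such a container is expected to find at its cgroup mount points afterwards.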
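Review bot: In the lxcContainerSetupExtraMounts hunk (@@ -2087,7 +2088,8 @@), the userns test is a second, word-for-word copy of the one added in lxcContainerSetupPivotRoot, so any later change to the condition has to be made in both places. Suggest moving the decision into a single spot, for example a small helper that takes vmDef and is called from both functions, so the pivot-root and extra-mounts paths cannot drift apart on when cgroups get mounted.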