On 2013/04/05 19:29, Daniel P. Berrange wrote: > On Fri, Apr 05, 2013 at 10:16:43AM +0800, Gao feng wrote: >> On 2013/03/27 13:26, Gao feng wrote: >>> On 2013/03/20 16:14, Gao feng wrote: >>>> There are 3 reason we need to rework the cgroupfs >>>> mounting in container. >>>> >>>> 1, Yin Olivia reported a "failed to mount cgroup" >>>> problem, now we given that the name of cgroup mount point >>>> is same with the subsystem type, Or libvirt_lxc >>>> will fail to start. >>>> >>>> 2, The cgroup configuration is leaked to the container, >>>> even user can change host's cgroup configuration in >>>> container. >>>> >>>> 3, After we enable userns, the cgroupfs is unable to be >>>> mounted in uninit-userns. >>>> >>>> This patch tries to resolve these 3 problem, >>>> uses mount --bind to set cgroupfs for container. >>>> >>>> It means the directory /sys/fs/cgroup/memory/libvirt/lxc/domain >>>> of host will be binded to the directory /sys/fs/cgroup/memory of >>>> container. >>>> >>> >>> what's your idea about this patch? >>> >> >> Ping Again > > The pach has the right idea, but it clashes with the refactoring I've > done for cgroups and LXC. I'll update your patch to apply ontop of this > series: > > https://www.redhat.com/archives/libvir-list/2013-April/msg00352.html > > and copy you on the mail when i post it. > Ok,I will wait for your upgrade, Thanks for your work. Gao -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list