* Ian jonhson <jonhson.ian@xxxxxxxxx> [2008-12-12 15:33:15]: > Hi again, > > > The container will be more or less isolated depending of what you specify in > > the configuration file. > > > > Without any configuration file, you will have pid, ipc and mount points > > isolated. If you specify the utsname, it will be isolated and if you specify > > the network you will have a new network stack allowing to run for example a > > I have played with lxc-0.3.0 for several days, trying to transplant > existing applications > on the base of container. > > The default configuration can present a view of isolated pid, ipc (e.g. run the > ps or top), however the memory seems not to be isolated. The process in > a container still can see the whole physical memory. Also, my test routine > can still apply more memory than the quota defined in "memory.limit_in_bytes". > > Are there anything missing? > Hi, Ian, With what version of the kernel due you see this problem. The memory controller is undergoing a churn and I think we found something that potentially breaks the memory controller in the current -mm. To verify 1. Can you see the memory.usage_in_bytes corresponding to the control group where you run the container 2. Check tasks file to see that the container tasks are indeed in the container. -- Balbir _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
