2009/8/26 Daniel Lezcano <daniel.lezcano@xxxxxxx> > KAMEZAWA Hiroyuki wrote: > >> On Mon, 24 Aug 2009 16:11:15 +0200 >> Daniel Lezcano <daniel.lezcano@xxxxxxx> wrote: >> >> >> >>> [ snip ] >>> >>> >>>> i think that /proc/meminfo should be mounted after /proc . why? i think >>>>>> that, because mounting /proc may override /proc/meminfo >>>>>> Am I right? :) >>>>>> >>>>>> >>>>>> >>>>>> >>>>> Ha ! haha ! arrgh ! no way ! You are right :/ >>>>> >>>>> >>>>> >>>> Hehe ;) >>>> >>>> >>>> >>>>> In the case of application container, lxc mounts /proc but in the case >>>>> of >>>>> system container it is the system who do that so after the >>>>> /proc/meminfo has >>>>> been mounted. >>>>> >>>>> Maybe we can look at modifying fs/proc/meminfo.c instead. Let me do a >>>>> small >>>>> patch for the kernel... >>>>> >>>>> >>>>> >>>>> >>>> Okey. I am waiting for your patch :) >>>> >>>> >>> Quick and dirty patch but at least working. It is no synced on the latest >>> kernel version. >>> I do not really like to touch fs/proc/meminfo.c but it's an example here. >>> >>> >>> >> >> I'll strongly Nack to this. >> plz find a way to ln -s /path_to_cgroup/memory.meminfo >> /mycontainer/meminfo >> >> > > Yep, I agree with you, I don't like this approach. > > We are trying to solve the problem of the userspace tools which look at the > /proc/meminfo file to display memory informations. That looks weird to set a > max memory usage of 256MB via the cgroup and having the 'free' command > showing 4GB of total memory. More than looking weird, Dietmar explained that > can puzzle applications relying on these informations for taking some > decisions. > > If we consider having /cgroup/mycontainer/memory.meminfo with memory > information in the same format than /proc/meminfo, that solves partially the > problem: > - we run an application container, the application won't mount /proc so the > lxc tools do that for the application (at least to isolate the pids > information), it is easy to mount --bind /cgroup/mycontainer/memory.meminfo > to /proc/meminfo before the application takes the control, that is to say > before 'exec'. Tested and verified with the memory tools (free, top, etc > ...) > > - we run a system container, we can do this mount-bind but when the > application, aka /sbin/init, takes the control, the /proc is mounted by the > system services, so we lose the /proc/meminfo we previously set. Hence > meminfo in the cgroup directory does not solve the problem for this use > case. > > Any ideas ? > > If I may... I have been thinking about that last few days and... I think that mounting /proc/meminfo can be done with mounted cgrop and secured by SMACK64. I will test it tonight and give you raport how does it works for me. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
