On Fri, Oct 03, 2008 at 08:40:24AM -0700, Dan Smith wrote:
This patch adds code to the controller to set up a cgroup named after the
domain name, set the memory limit, and restrict devices. It also
adds bits to lxc_driver to properly clean up the cgroup on domain death.
If virCgroupHaveSupport() says that no support is available, then we just
allow the domain creation to proceed as it did before without resource
controls in place.
+ struct cgroup_device_policy devices[] = {
+ {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_NULL},
+ {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_ZERO},
+ {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_FULL},
+ {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_RANDOM},
+ {'c', VIR_CG_DEV_MAJ_MEMORY, VIR_CG_DEV_MIN_URANDOM},
+ {'c', VIR_CG_DEV_MAJ_TTY, VIR_CG_DEV_MIN_CONSOLE},
+ {0, 0, 0}};
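Review bot: this allow-list is a second hard-coded copy of the device set that lxc_container.c creates under /dev, so the two tables can drift independently; put the node list in one shared table that both the /dev population and this cgroup policy iterate over, and add a comment stating that `{0, 0, 0}` is the terminator so callers stop on the type field rather than on a major/minor value.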
You're going to hate me for suggesting more changes, but....
This list of devices is currently duplicated in two places - once
here where we set permissions, and again when we actually create
the container and populate its /dev/ in lxc_container.c. Could do
with a master list of device nodes used by both.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
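The "master list used by both" idea from the review above, as an added example that is not part of this e-mail thread or of libvirt's code: one table of container device nodes drives both the mknod commands that populate /dev and the cgroup v1 devices.allow rules, so the two can never disagree. The major/minor numbers are the fixed Linux ones for these nodes (Documentation/admin-guide/devices.txt); the table, the function names and the cgroup path in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not libvirt code. Single source of truth for the
# character devices a container receives. Fields: name major minor.
# Numbers are the standard Linux fixed device numbers (assumed correct
# for this example; libvirt's own VIR_CG_DEV_* constants are not shown here).
CONTAINER_DEVICES='
null 1 3
zero 1 5
full 1 7
random 1 8
urandom 1 9
console 5 1
'

# Emit one cgroup v1 devices.allow rule per table entry, e.g. "c 1:3 rwm".
cg_device_rules() {
    printf '%s\n' "$CONTAINER_DEVICES" | while read -r name maj min; do
        [ -n "$name" ] || continue          # skip blank table lines
        printf 'c %s:%s rwm\n' "$maj" "$min"
    done
}

# Emit the mknod commands that populate $root/dev from the same table,
# so a node is never created without a matching cgroup rule (or vice versa).
dev_mknod_cmds() {
    root=$1
    printf '%s\n' "$CONTAINER_DEVICES" | while read -r name maj min; do
        [ -n "$name" ] || continue
        printf 'mknod -m 0666 %s/dev/%s c %s %s\n' "$root" "$name" "$maj" "$min"
    done
}

# Apply the policy to a cgroup v1 devices controller directory: deny
# everything first, then allow only the table entries (fail closed).
# Needs root and a mounted devices controller; the path is hypothetical,
# e.g. /sys/fs/cgroup/devices/libvirt/lxc/<domain>.
apply_cgroup_device_policy() {
    cg=$1
    echo a > "$cg/devices.deny"
    cg_device_rules | while read -r rule; do
        echo "$rule" > "$cg/devices.allow"
    done
}
```

Run `cg_device_rules` and `dev_mknod_cmds /path/to/rootfs` to inspect what would be applied; only `apply_cgroup_device_policy` touches the kernel, and it writes the blanket deny before any allow so a partial failure leaves the container with fewer devices, not more.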