
On 2013/03/27 13:26, Gao feng wrote:
> On 2013/03/20 16:14, Gao feng wrote:
>> There are 3 reasons we need to rework the cgroupfs mounting in the container.
>> 1. Yin Olivia reported a "failed to mount cgroup" problem; now we take it as given that the name of the cgroup mount point is the same as the subsystem type, or libvirt_lxc will fail to start.
>> 2. The cgroup configuration is leaked to the container; a user can even change the host's cgroup configuration in the container.
>> 3. After we enable userns, the cgroupfs cannot be mounted in uninit-userns.
>> This patch tries to resolve these 3 problems and uses mount --bind to set up cgroupfs for the container.
>> It means the directory /sys/fs/cgroup/memory/libvirt/lxc/domain of the host will be bound to the directory /sys/fs/cgroup/memory of the container.
>
> Hi Daniel,
> What's your idea about this patch?

Ping Again