Re: [libvirt] [PATCH 2/2] LXC: rework mounting cgroupfs in container

On 2013/03/20 16:14, Gao feng wrote: > There are 3 reason we need to rework the cgroupfs > mounting in container. > > 1, Yin Olivia reported a "failed to mount cgroup" > problem, now we given that the name of cgroup mount point > is same with the subsystem type, Or libvirt_lxc > will fail to start. > > 2, The cgroup configuration is leaked to the container, > even user can change host's cgroup configuration in > container. > > 3, After we enable userns, the cgroupfs is unable to be > mounted in uninit-userns. > > This patch tries to resolve these 3 problem, > uses mount --bind to set cgroupfs for container. > > It means the directory /sys/fs/cgroup/memory/libvirt/lxc/domain > of host will be binded to the directory /sys/fs/cgroup/memory of > container. > Hi Daniel, what's your idea about this patch?