Dan Smith wrote:
This patch set adds basic cgroup support to the LXC driver. It
consists of
a small internal cgroup manipulation API, as well as changes to the driver
itself to utilize the support. Currently, we just set a memory limit
and the allowed devices list. The cgroup.{c,h} interface can be easily
redirected to libcgroup in the future if and when the decision to move in
that direction is made.
Some discussion on the following points is probably warranted, to help
determine how deep we want to go with this internal implementation, in terms'
of supporting complex system configurations, etc.
- What to do if controllers are mounted in multiple places
For all practical purposes, it is not possible to mount all controllers at the
same place. Consider a simple case of "ns", if the ns controller is mounted,
you
need root permissions to create new groups, which defeats the whole purpose of
the cgroup filesystem and assigning permissions, so that an application can
create groups on it own.
- What to do if memory and device controllers aren't present
- What to do if the root group is set for exclusive cpuset behavior
These need to be fixed as well.
--
Balbir