Now we mount /dev as tmpfs and haven't created directory /dev/shm,so the glibc api such as shm_open/sem_open will create files under dir /dev.(since /dev is mounted as tmpfs) Through these api still useable in container,but this cause directory /dev looks a little chaos. We already have filesystem type "ram",if user want to limit the memory usage of /dev/shm,he should configure the XML,so we only need to create directroy /dev/shm.If user configure the filesystem type on /dev/shm, we will mount it on /dev/shm then. This patch create directory /dev/shm automatically,the files created by shm_open/sem_open will stay in this directroy. This patch also enlarge the size of directroy /dev to the half of container's memory,64k may be too small to contain POSIX shared memory and named semphore. Signed-off-by: Gao feng <gaofeng(a)cn.fujitsu.com&gt; --- src/lxc/lxc_container.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 497539c..eba3e68 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -504,7 +504,8 @@ err: static int lxcContainerMountBasicFS(bool pivotRoot, - char *sec_mount_options) + char *sec_mount_options, + virDomainDefPtr vmDef) { const struct { const char *src; @@ -567,12 +568,22 @@ static int lxcContainerMountBasicFS(bool pivotRoot, if (pivotRoot) { /* - * tmpfs is limited to 64kb, since we only have device nodes in there - * and don't want to DOS the entire OS RAM usage + * tmpfs is limited to half of container's memory, + * since we not only have device nodes in there,we + * may have POSIX shared memory object and named + * semphore in there too. */ - ignore_value(virAsprintf(&opts, - "mode=755,size=65536%s", sec_mount_options)); + if (vmDef->mem.max_balloon != VIR_DOMAIN_MEMORY_PARAM_UNLIMITED) { + unsigned long long size = 0; + size = vmDef->mem.max_balloon << 9; + ignore_value(virAsprintf(&opts, + "mode=755,size=%llu%s", size, sec_mount_options)); + } else { + ignore_value(virAsprintf(&opts, + "mode=755,%s", sec_mount_options)); + } + if (!opts) { virReportOOMError(); goto cleanup; @@ -586,6 +597,13 @@ static int lxcContainerMountBasicFS(bool pivotRoot, "devfs", "/dev", "tmpfs", opts); goto cleanup; } + + VIR_DEBUG("create directory /dev/shm for POSIX shared memory and named semphore"); + if (virFileMakePath("/dev/shm") < 0) { + virReportSystemError(errno, "%s", + _("Failed to mkdir /dev/shm")); + goto cleanup; + } } rc = 0; @@ -1947,7 +1965,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef, goto cleanup; /* Mounts the core /proc, /sys, etc filesystems */ - if (lxcContainerMountBasicFS(true, sec_mount_options) < 0) + if (lxcContainerMountBasicFS(true, sec_mount_options, vmDef) < 0) goto cleanup; /* Mounts /proc/meminfo etc sysinfo */ @@ -2055,7 +2073,7 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef, goto cleanup; /* Mounts the core /proc, /sys, etc filesystems */ - if (lxcContainerMountBasicFS(false, sec_mount_options) < 0) + if (lxcContainerMountBasicFS(false, sec_mount_options, vmDef) < 0) goto cleanup; /* Mounts /proc/meminfo etc sysinfo */ -- 1.7.11.7