* liblxc and cgroups
@ 2008-11-08 23:51 Serge E. Hallyn
From: Serge E. Hallyn @ 2008-11-08 23:51 UTC
To: Daniel Lezcano; +Cc: Linux Containers
Hi Daniel,
I'm playing with liblxc containers and the device whitelist cgroup.
One thing which makes the devices cgroup unique from the others is
that there can be many entries to the devices.allow (and in theory
also to devices.deny) file. liblxc doesn't support that right now.
This needs to be fixed in two places.
First, lxc_conf.c:write_info needs to write multiple entries
from the .conf file into the cgroups/devices.allow file. I just
changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
which seemed to work for me, but I'm not sure if that might adversely
affect other code which counted on the truncation implicit in creat()?
Secondly, the lxc_cgroup_copy needs to do a loop and write the
entries one by one into the cgroup file. I'm just doing a dumb
unsafe fgets loop, but I actually don't have that working yet,
(which is why I'm not sending a patch - I figure you can whip
something robust up in 2 seconds)
thanks,
-serge
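
The two changes described in the message above, sketched in C as an added example; it is not part of the original post and is not liblxc code. It assumes, as the message states, that the devices cgroup file takes its entries one by one (one rule per write()); the function names, the 256-byte line limit and the `append` flag are assumptions made for illustration.

```c
/* Added example, not liblxc code: names, the 256-byte limit and the append flag are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Exactly one write() per rule: a rule split over two writes would reach
 * the cgroup file as two malformed rules, so a short write is an error. */
static int write_rule(int fd, const char *buf, size_t len)
{
    ssize_t n;
    do {
        n = write(fd, buf, len);
    } while (n < 0 && errno == EINTR);
    return n == (ssize_t)len ? 0 : -1;
}

/* append=0 keeps the truncation creat() gave single-valued keys;
 * append=1 accumulates entries, as devices.allow needs. */
int store_entry(const char *path, const char *value, int append)
{
    int fd = open(path, O_CREAT | O_WRONLY | (append ? O_APPEND : O_TRUNC), 0644);
    if (fd < 0)
        return -1;
    int rc = write_rule(fd, value, strlen(value)) || write_rule(fd, "\n", 1);
    return (close(fd) == 0 && rc == 0) ? 0 : -1;
}

/* Copy each non-empty line of src to the existing file dst, one write()
 * per line. Returns the number of entries written, or -1 on any error. */
int copy_entries(const char *src, const char *dst)
{
    FILE *in = fopen(src, "r");
    int fd = in ? open(dst, O_WRONLY | O_APPEND) : -1;
    char line[256]; /* assumed upper bound for one rule line */
    int count = 0;
    while (fd >= 0 && count >= 0 && fgets(line, sizeof(line), in)) {
        size_t len = strlen(line);
        if (len == 0 || (line[len - 1] != '\n' && !feof(in)))
            count = -1; /* embedded NUL or over-long line: never split it */
        else if (strcmp(line, "\n") != 0)
            count = write_rule(fd, line, len) == 0 ? count + 1 : -1;
    }
    if (in)
        fclose(in);
    return (fd < 0 || close(fd) != 0) ? -1 : count;
}

int main(int argc, char **argv) { return argc != 3 || copy_entries(argv[1], argv[2]) < 0; }
```

The fixed buffer is still read with fgets, but a line that does not fit is rejected instead of being written as two partial rules, and callers that relied on creat()'s truncation keep it by passing `append=0`.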
* Re: liblxc and cgroups
@ 2008-11-10 14:48 Daniel Lezcano
From: Daniel Lezcano @ 2008-11-10 14:48 UTC
To: Serge E. Hallyn; +Cc: Linux Containers

Serge E. Hallyn wrote:
> Hi Daniel,
>
> I'm playing with liblxc containers and the device whitelist cgroup.
> One thing which makes the devices cgroup unique from the others is
> that there can be many entries to the devices.allow (and in theory
> also to devices.deny) file. liblxc doesn't support that right now.
> This needs to be fixed in two places.
> First, lxc_conf.c:write_info needs to write multiple entries
> from the .conf file into the cgroups/devices.allow file. I just
> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
> which seemed to work for me, but I'm not sure if that might adversely
> affect other code which counted on the truncation implicit in creat()?
> Secondly, the lxc_cgroup_copy needs to do a loop and write the
> entries one by one into the cgroup file. I'm just doing a dumb
> unsafe fgets loop, but I actually don't have that working yet,
> (which is why I'm not sending a patch - I figure you can whip
> something robust up in 2 seconds)

Serge, thanks for investigating this bug.
I will look how to fix that without breaking previous container
configuration.

-- Daniel
* Re: liblxc and cgroups
@ 2008-11-18 9:34 Daniel Lezcano
From: Daniel Lezcano @ 2008-11-18 9:34 UTC
To: Serge E. Hallyn, Oren Laadan; +Cc: Linux Containers, Daniel Lezcano

Daniel Lezcano wrote:
> Serge E. Hallyn wrote:
>> Hi Daniel,
>>
>> I'm playing with liblxc containers and the device whitelist cgroup.
>> One thing which makes the devices cgroup unique from the others is
>> that there can be many entries to the devices.allow (and in theory
>> also to devices.deny) file. liblxc doesn't support that right now.
>> This needs to be fixed in two places.
>> First, lxc_conf.c:write_info needs to write multiple entries
>> from the .conf file into the cgroups/devices.allow file. I just
>> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
>> which seemed to work for me, but I'm not sure if that might adversely
>> affect other code which counted on the truncation implicit in creat()?
>> Secondly, the lxc_cgroup_copy needs to do a loop and write the
>> entries one by one into the cgroup file. I'm just doing a dumb
>> unsafe fgets loop, but I actually don't have that working yet,
>> (which is why I'm not sending a patch - I figure you can whip
>> something robust up in 2 seconds)
>
> Serge, thanks for investigating this bug.
> I will look how to fix that without breaking previous container
> configuration.

Fixed and committed to CVS.

I will do a new release as soon as I finish the man pages.

Oren,

is there any change I have to care about before releasing a new version ?

Thanks.
-- Daniel
* Re: liblxc and cgroups
@ 2008-11-20 15:40 Oren Laadan
From: Oren Laadan @ 2008-11-20 15:40 UTC
To: Daniel Lezcano; +Cc: Linux Containers

Daniel Lezcano wrote:
> Daniel Lezcano wrote:
>> Serge E. Hallyn wrote:
>>> Hi Daniel,
>>>
>>> I'm playing with liblxc containers and the device whitelist cgroup.
>>> One thing which makes the devices cgroup unique from the others is
>>> that there can be many entries to the devices.allow (and in theory
>>> also to devices.deny) file. liblxc doesn't support that right now.
>>> This needs to be fixed in two places.
>>> First, lxc_conf.c:write_info needs to write multiple entries
>>> from the .conf file into the cgroups/devices.allow file. I just
>>> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
>>> which seemed to work for me, but I'm not sure if that might adversely
>>> affect other code which counted on the truncation implicit in creat()?
>>> Secondly, the lxc_cgroup_copy needs to do a loop and write the
>>> entries one by one into the cgroup file. I'm just doing a dumb
>>> unsafe fgets loop, but I actually don't have that working yet,
>>> (which is why I'm not sending a patch - I figure you can whip
>>> something robust up in 2 seconds)
>>
>> Serge, thanks for investigating this bug.
>> I will look how to fix that without breaking previous container
>> configuration.
>
> Fixed and committed to CVS.
>
> I will do a new release as soon as I finish the man pages.
>
> Oren,
>
> is there any change I have to care about before releasing a new version ?

not yet. I'm running a bit behind, and hope to post new version
around the weekend.

Oren.