From: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: liblxc and cgroups
Date: Mon, 10 Nov 2008 15:48:58 +0100 [thread overview]
Message-ID: <491849DA.7060204@fr.ibm.com> (raw)
In-Reply-To: <20081108235107.GA15761-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Serge E. Hallyn wrote:
> Hi Daniel,
>
> I'm playing with liblxc containers and the device whitelist cgroup.
> One thing which makes the devices cgroup unique from the others is
> that there can be many entries to the devices.allow (and in theory
> also to devices.deny) file. liblxc doesn't support that right now.
> This needs to be fixed in two places.
> First, lxc_conf.c:write_info needs to write multiple entries
> from the .conf file into the cgroups/devices.allow file. I just
> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
> which seemed to work for me, but I'm not sure if that might adversely
> affect other code which counted on the truncation implicit in creat()?
> Secondly, the lxc_cgroup_copy needs to do a loop and write the
> entries one by one into the cgroup file. I'm just doing a dumb
> unsafe fgets loop, but I actually don't have that working yet,
> (which is why I'm not sending a patch - I figure you can whip
> something robust up in 2 seconds)
Serge, thanks for investigating this bug.
I will look how to fix that without breaking previous container
configuration.
-- Daniel
next prev parent reply other threads:[~2008-11-10 14:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-08 23:51 liblxc and cgroups Serge E. Hallyn
[not found] ` <20081108235107.GA15761-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-11-10 14:48 ` Daniel Lezcano [this message]
[not found] ` <491849DA.7060204-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-11-18 9:34 ` Daniel Lezcano
[not found] ` <49228C12.3060802-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-11-20 15:40 ` Oren Laadan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=491849DA.7060204@fr.ibm.com \
--to=dlezcano-nmtc/0zbporqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox