From: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
Subject: Re: liblxc and cgroups
Date: Tue, 18 Nov 2008 10:34:10 +0100 [thread overview]
Message-ID: <49228C12.3060802@fr.ibm.com> (raw)
In-Reply-To: <491849DA.7060204-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
Daniel Lezcano wrote:
> Serge E. Hallyn wrote:
>> Hi Daniel,
>>
>> I'm playing with liblxc containers and the device whitelist cgroup.
>> One thing which makes the devices cgroup unique from the others is
>> that there can be many entries to the devices.allow (and in theory
>> also to devices.deny) file. liblxc doesn't support that right now.
>> This needs to be fixed in two places.
>> First, lxc_conf.c:write_info needs to write multiple entries
>> from the .conf file into the cgroups/devices.allow file. I just
>> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
>> which seemed to work for me, but I'm not sure if that might adversely
>> affect other code which counted on the truncation implicit in creat()?
>> Secondly, the lxc_cgroup_copy needs to do a loop and write the
>> entries one by one into the cgroup file. I'm just doing a dumb
>> unsafe fgets loop, but I actually don't have that working yet,
>> (which is why I'm not sending a patch - I figure you can whip
>> something robust up in 2 seconds)
>
> Serge, thanks for investigating this bug.
> I will look how to fix that without breaking previous container
> configuration.
Fixed and commited to CVS.
I will do a new release as soon as I finish the man pages.
Oren,
is there any change I have to care about before releasing a new version ?
Thanks.
-- Daniel
next prev parent reply other threads:[~2008-11-18 9:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-08 23:51 liblxc and cgroups Serge E. Hallyn
[not found] ` <20081108235107.GA15761-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-11-10 14:48 ` Daniel Lezcano
[not found] ` <491849DA.7060204-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-11-18 9:34 ` Daniel Lezcano [this message]
[not found] ` <49228C12.3060802-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-11-20 15:40 ` Oren Laadan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49228C12.3060802@fr.ibm.com \
--to=dlezcano-nmtc/0zbporqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox