From: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
To: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: liblxc and cgroups
Date: Thu, 20 Nov 2008 10:40:11 -0500 [thread overview]
Message-ID: <492584DB.8030604@cs.columbia.edu> (raw)
In-Reply-To: <49228C12.3060802-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
Daniel Lezcano wrote:
> Daniel Lezcano wrote:
>> Serge E. Hallyn wrote:
>>> Hi Daniel,
>>>
>>> I'm playing with liblxc containers and the device whitelist cgroup.
>>> One thing which makes the devices cgroup unique from the others is
>>> that there can be many entries to the devices.allow (and in theory
>>> also to devices.deny) file. liblxc doesn't support that right now.
>>> This needs to be fixed in two places.
>>> First, lxc_conf.c:write_info needs to write multiple entries
>>> from the .conf file into the cgroups/devices.allow file. I just
>>> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
>>> which seemed to work for me, but I'm not sure if that might adversely
>>> affect other code which counted on the truncation implicit in creat()?
>>> Secondly, the lxc_cgroup_copy needs to do a loop and write the
>>> entries one by one into the cgroup file. I'm just doing a dumb
>>> unsafe fgets loop, but I actually don't have that working yet,
>>> (which is why I'm not sending a patch - I figure you can whip
>>> something robust up in 2 seconds)
>>
>> Serge, thanks for investigating this bug.
>> I will look how to fix that without breaking previous container
>> configuration.
>
> Fixed and commited to CVS.
>
> I will do a new release as soon as I finish the man pages.
>
> Oren,
>
> is there any change I have to care about before releasing a new version ?
not yet. I'm running a bit behind, and hope to post new version around
the weekend.
Oren.
prev parent reply other threads:[~2008-11-20 15:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-08 23:51 liblxc and cgroups Serge E. Hallyn
[not found] ` <20081108235107.GA15761-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-11-10 14:48 ` Daniel Lezcano
[not found] ` <491849DA.7060204-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-11-18 9:34 ` Daniel Lezcano
[not found] ` <49228C12.3060802-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-11-20 15:40 ` Oren Laadan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=492584DB.8030604@cs.columbia.edu \
--to=orenl-eqauephvms7envbuuze7ea@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox