liblxc and cgroups

Serge E. Hallyn serue at us.ibm.com
Sat Nov 8 15:51:08 PST 2008


Hi Daniel,

I'm playing with liblxc containers and the device whitelist cgroup.
One thing which makes the devices cgroup unique from the others is
that there can be many entries to the devices.allow (and in theory
also to devices.deny) file.  liblxc doesn't support that right now.
This needs to be fixed in two places.

First, lxc_conf.c:write_info needs to write multiple entries
from the .conf file into the cgroups/devices.allow file.  I just
changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
which seemed to work for me, but I'm not sure if that might adversely
affect other code which counted on the truncation implicit in creat()?

Secondly, the lxc_cgroup_copy needs to do a loop and write the
entries one by one into the cgroup file.  I'm just doing a dumb
unsafe fgets loop, but I actually don't have that working yet,
(which is why I'm not sending a patch - I figure you can whip
something robust up in 2 seconds)

thanks,
-serge
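
The loop described above, as an added example that is not part of the original message and is not liblxc code: it copies stored entries into a cgroup control file with one write() per entry, using getline() instead of a fixed-size fgets() buffer so a long line is never split into two rules. The function name `copy_cgroup_entries` and its return convention are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* getline(), ssize_t */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: copy rules from a stored config file (src) into an
 * existing cgroup control file (dst), one write() per rule.
 * Returns the number of rules written, or -1 with errno set. */
int copy_cgroup_entries(const char *src, const char *dst)
{
    FILE *in = fopen(src, "r");
    if (!in)
        return -1;
    int out = open(dst, O_WRONLY);   /* control file already exists */
    if (out < 0) {
        int e = errno;
        fclose(in);
        errno = e;
        return -1;
    }
    char *line = NULL;
    size_t cap = 0;
    ssize_t len;
    int count = 0, err = 0;
    /* getline() grows the buffer as needed, so no line is truncated. */
    while ((len = getline(&line, &cap, in)) > 0) {
        while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
            len--;
        if (len == 0)
            continue;                /* skip blank lines */
        line[len] = '\n';            /* reuses the old '\n' or NUL slot */
        /* Each write() must carry exactly one complete rule; a short
         * write would submit a truncated rule, so treat it as an error. */
        ssize_t n = write(out, line, (size_t)len + 1);
        if (n != len + 1) {
            err = (n < 0) ? errno : EIO;
            break;
        }
        count++;
    }
    if (!err && ferror(in)) err = EIO;
    free(line);
    fclose(in);
    if (close(out) < 0 && !err) err = errno;
    if (err) { errno = err; return -1; }
    return count;
}
```

A rule the kernel rejects makes write() fail, so the caller sees -1 and errno rather than a partially applied whitelist being reported as success.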

