liblxc and cgroups

[Oren Laadan]

Daniel Lezcano wrote:
> Daniel Lezcano wrote:
>> Serge E. Hallyn wrote:
>>> Hi Daniel,
>>>
>>> I'm playing with liblxc containers and the device whitelist cgroup.
>>> One thing which makes the devices cgroup unique from the others is
>>> that there can be many entries to the devices.allow (and in theory
>>> also to devices.deny) file.  liblxc doesn't support that right now.
>>> This needs to be fixed in two places.
>>> First, lxc_conf.c:write_info needs to write multiple entries
>>> from the .conf file into the cgroups/devices.allow file.  I just
>>> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
>>> which seemed to work for me, but I'm not sure if that might adversely
>>> affect other code which counted on the truncation implicit in creat()?
>>> Secondly, the lxc_cgroup_copy needs to do a loop and write the
>>> entries one by one into the cgroup file.  I'm just doing a dumb
>>> unsafe fgets loop, but I actually don't have that working yet,
>>> (which is why I'm not sending a patch - I figure you can whip
>>> something robust up in 2 seconds)
>>
>> Serge, thanks for investigating this bug.
>> I will look how to fix that without breaking previous container
>> configuration.
> 
> Fixed and commited to CVS.
> 
> I will do a new release as soon as I finish the man pages.
> 
> Oren,
> 
> is there any change I have to care about before releasing a new version ?

not yet. I'm running a bit behind, and hope to post new version around
the weekend.

Oren.