liblxc and cgroups

Daniel Lezcano dlezcano at fr.ibm.com
Tue Nov 18 01:34:10 PST 2008


Daniel Lezcano wrote:
> Serge E. Hallyn wrote:
>> Hi Daniel,
>>
>> I'm playing with liblxc containers and the device whitelist cgroup.
>> One thing which makes the devices cgroup unique from the others is
>> that there can be many entries to the devices.allow (and in theory
>> also to devices.deny) file.  liblxc doesn't support that right now.
>> This needs to be fixed in two places.
>> First, lxc_conf.c:write_info needs to write multiple entries
>> from the .conf file into the cgroups/devices.allow file.  I just
>> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
>> which seemed to work for me, but I'm not sure if that might adversely
>> affect other code which counted on the truncation implicit in creat()?
>> Secondly, the lxc_cgroup_copy needs to do a loop and write the
>> entries one by one into the cgroup file.  I'm just doing a dumb
>> unsafe fgets loop, but I actually don't have that working yet,
>> (which is why I'm not sending a patch - I figure you can whip
>> something robust up in 2 seconds)
> 
> Serge, thanks for investigating this bug.
> I will look at how to fix that without breaking previous container
> configuration.

Fixed and committed to CVS.

I will do a new release as soon as I finish the man pages.

Oren,

Is there any change I have to care about before releasing a new version?

Thanks.
   -- Daniel
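
The per-entry copy discussed in the quoted report, as an added example that is not part of the original thread and is not liblxc code: each configuration line is sent to the destination with its own write(), and the destination is opened with O_APPEND rather than creat(). The function name `copy_entries` and the 0644 mode are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* copy_entries() is a hypothetical helper, not a liblxc function.
 * It copies every non-empty line of `src` to `dst` with one write()
 * per entry, which is what a multi-entry file such as devices.allow
 * needs. Returns the number of entries written, or -1 on error. */
int copy_entries(const char *src, const char *dst)
{
    FILE *in = fopen(src, "r");
    if (!in)
        return -1;
    /* O_APPEND instead of creat(): entries already in a regular
     * file are kept rather than truncated away. */
    int out = open(dst, O_WRONLY | O_APPEND | O_CREAT, 0644);
    if (out < 0) {
        fclose(in);
        return -1;
    }
    char *line = NULL;
    size_t cap = 0;
    ssize_t len;
    int count = 0;
    /* getline() grows its buffer, so unlike a fixed-size fgets()
     * loop a long entry is never split across two writes. */
    while ((len = getline(&line, &cap, in)) > 0) {
        while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
            len--;                      /* drop the line terminator */
        if (len == 0)
            continue;                   /* skip blank lines */
        line[len] = '\n';               /* fits: replaces terminator or NUL */
        if (write(out, line, (size_t)len + 1) != len + 1) {
            count = -1;                 /* short write or rejected entry */
            break;
        }
        count++;
    }
    free(line);
    close(out);
    fclose(in);
    return count;
}
```

Because the destination is opened in append mode, calling the function twice on a regular file duplicates the entries, so a caller that rewrites a saved configuration has to truncate the file once before the first entry.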

