On the host when we start a container, it will be
placed in a cgroup path of
/machine.slice/machine-lxc\x2ddemo.scope
under /sys/fs/cgroup/*
Inside the containers' namespace we need to setup
/sys/fs/cgroup mounts, and currently will bind
mount /machine.slice/machine-lxc\x2ddemo.scope on
the host to appear as / in the container.
While this may sound nice, it confuses applications
dealing with cgroups, because /proc/$PID/cgroup
now does not match the directory in /sys/fs/cgroup
This particularly causes problems for systems and
will make it create repeated path components in
the cgroup for apps run in the container eg
/machine.slice/machine-lxc\x2ddemo.scope/machine.slice/machine-lxc\x2ddemo.scope/user.slice/user-0.slice/session-61.scope
This also causes any systemd service that uses
sd-notify to fail to start, because when systemd
receives the notification it won't be able to
identify the corresponding unit it came from.
In particular this break rabbitmq-server startup
Future kernels will provide proper cgroup namespacing
which will handle this problem, but until that time
we should not try to play games with hiding parent
cgroups.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit
dc576025c360a1d2c89da410d0f3f0da55d0143f)
virCgroupAllowDeviceMajor;
virCgroupAllowDevicePath;
virCgroupAvailable;
+virCgroupBindMount;
virCgroupControllerAvailable;
virCgroupControllerTypeFromString;
virCgroupControllerTypeToString;
virCgroupGetPercpuStats;
virCgroupHasController;
virCgroupHasEmptyTasks;
-virCgroupIsolateMount;
virCgroupKill;
virCgroupKillPainfully;
virCgroupKillRecursive;
/* Now we can re-mount the cgroups controllers in the
* same configuration as before */
- if (virCgroupIsolateMount(cgroup, "/.oldroot/", sec_mount_options) < 0)
+ if (virCgroupBindMount(cgroup, "/.oldroot/", sec_mount_options) < 0)
goto cleanup;
/* Mounts /dev */
int
-virCgroupIsolateMount(virCgroupPtr group, const char *oldroot,
- const char *mountopts)
+virCgroupBindMount(virCgroupPtr group, const char *oldroot,
+ const char *mountopts)
{
int ret = -1;
size_t i;
if (!virFileExists(group->controllers[i].mountPoint)) {
char *src;
- if (virAsprintf(&src, "%s%s%s",
+ if (virAsprintf(&src, "%s%s",
oldroot,
- group->controllers[i].mountPoint,
- group->controllers[i].placement) < 0)
+ group->controllers[i].mountPoint) < 0)
goto cleanup;
VIR_DEBUG("Create mount point '%s'",
int virCgroupKillRecursive(virCgroupPtr group, int signum);
int virCgroupKillPainfully(virCgroupPtr group);
-int virCgroupIsolateMount(virCgroupPtr group,
- const char *oldroot,
- const char *mountopts);
+int virCgroupBindMount(virCgroupPtr group,
+ const char *oldroot,
+ const char *mountopts);
bool virCgroupSupportsCpuBW(virCgroupPtr cgroup);
projects / thirdparty / libvirt.git / commitdiff
