In that case containers will be able to mount cgroup filesystems
for themselves as they do on a host.
This fixes the inability to start systemd-based containers on cgns-enabled
kernels with cgmanager not running.
I've tested debian jessie, busybox, ubuntu trusty and xenial, all of
which booted ok. However if there are some setups which require
premounted cgroupfs (i.e. they don't mount if they detect being in
a container), this may cause trouble.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
the container's own cgroup into that directory.
The container will be able to write to its own
cgroup directory, but not the parents, since they
- will be remounted read-only
+ will be remounted read-only.
</para>
</listitem>
<listitem>
</para>
</listitem>
</itemizedlist>
+ <para>
+ If cgroup namespaces are enabled, then any <option>cgroup</option>
+ auto-mounting request will be ignored, since the container can
+ mount the filesystems itself, and automounting can confuse the
+ container init.
+ </para>
<para>
Note that if automatic mounting of the cgroup filesystem
is enabled, the tmpfs under
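Review bot: the added paragraph says the request is ignored "if cgroup namespaces are enabled", while the code change in this patch keys on cgns_supported(); the wording should state the exact condition so an administrator can tell from the kernel and configuration whether their cgroup auto-mount setting has any effect. The commit message also notes that setups which expect a premounted cgroupfs may break, and the paragraph should say so, including whether there is any way to get the old behaviour back. The note that follows ("if automatic mounting of the cgroup filesystem is enabled, the tmpfs under ...") now only applies when cgroup namespaces are not in use, which is worth stating there too.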
struct cgroup_process_info *info, *base_info;
int r, saved_errno = 0;
+ if (cgns_supported())
+ return true;
+
cgfs_d = hdata;
if (!cgfs_d)
return false;
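Review bot: the early "if (cgns_supported()) return true;" silently reports success for a mount that was requested and not performed, so a user who configured cgroup auto-mounting gets no indication of why the container has no cgroup filesystems. Log at INFO or DEBUG level before returning that the auto-mount is being skipped because of cgroup namespace support. The check also runs before the hdata NULL test, so a missing cgfs_d that used to return false now returns true on such kernels; confirm that is intended. Finally, the function name reads as a test of kernel support rather than of whether this particular container will be placed in a new cgroup namespace; if those two can differ, the skip should be gated on the latter, otherwise a container that shares the host's cgroup namespace loses its restricted, partly read-only cgroup mounts.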