[CRIU] [PATCH] inet: tcp -- Find size of max memory allowed to restore TCP data, v2

Frederico Araujo araujof at gmail.com
Fri Oct 11 06:04:20 PDT 2013


This is my container's fstab:

proc            proc         proc    nodev,noexec,nosuid 0 0
sysfs           sys          sysfs defaults  0 0
/sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0
/sys/kernel/debug sys/kernel/debug none bind 0 0
/sys/kernel/security sys/kernel/security none bind 0 0
/sys/fs/pstore sys/fs/pstore none bind,optional 0 0
/lib/modules lib/modules none bind 0 0

And this the containers configuration:

lxc.mount = /var/lib/lxc/cn/fstab
lxc.tty = 4
lxc.pts = 1024
lxc.devttydir = lxc
lxc.arch = x86_64
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rm
lxc.cgroup.devices.allow = c 10:229 rwm
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 10:228 rwm
lxc.cgroup.devices.allow = c 10:232 rwm
lxc.utsname = cn
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:fc:8d:0f
lxc.cap.drop = sys_module
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = sys_time
lxc.rootfs = /var/lib/lxc/cn/rootfs
lxc.pivotdir = lxc_putold
lxc.aa_profile = unconfined


On Fri, Oct 11, 2013 at 7:56 AM, Frederico Araujo <araujof at gmail.com> wrote:

>  OS supports them, but criu itself is running inside the container, which
> doesn't have them.
>
> On Oct 11, 2013, at 1:02 AM, Cyrill Gorcunov <gorcunov at gmail.com> wrote:
>
> > On Thu, Oct 10, 2013 at 06:32:57PM -0500, Frederico Araujo wrote:
> >>   Sorry, I meant tcp_rmem and tcp_wmem in my previous email.
> >>   Thank you!
> >
> > Wait, these sysctl entries are supposed to be read on host system,
> > you mean your kernel doesn't suppot them, or the criu itself is running
> > in the container?
> >
> >    Cyrill
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20131011/1dd68067/attachment.html>


More information about the CRIU mailing list