[CRIU] [PATCH] inet: tcp -- Find size of max memory allowed to restore TCP data, v2
Frederico Araujo
araujof at gmail.com
Fri Oct 11 06:04:20 PDT 2013
This is my container's fstab:
proc proc proc nodev,noexec,nosuid 0 0
sysfs sys sysfs defaults 0 0
/sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0
/sys/kernel/debug sys/kernel/debug none bind 0 0
/sys/kernel/security sys/kernel/security none bind 0 0
/sys/fs/pstore sys/fs/pstore none bind,optional 0 0
/lib/modules lib/modules none bind 0 0
And this the containers configuration:
lxc.mount = /var/lib/lxc/cn/fstab
lxc.tty = 4
lxc.pts = 1024
lxc.devttydir = lxc
lxc.arch = x86_64
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rm
lxc.cgroup.devices.allow = c 10:229 rwm
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 10:228 rwm
lxc.cgroup.devices.allow = c 10:232 rwm
lxc.utsname = cn
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:fc:8d:0f
lxc.cap.drop = sys_module
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = sys_time
lxc.rootfs = /var/lib/lxc/cn/rootfs
lxc.pivotdir = lxc_putold
lxc.aa_profile = unconfined
On Fri, Oct 11, 2013 at 7:56 AM, Frederico Araujo <araujof at gmail.com> wrote:
> OS supports them, but criu itself is running inside the container, which
> doesn't have them.
>
> On Oct 11, 2013, at 1:02 AM, Cyrill Gorcunov <gorcunov at gmail.com> wrote:
>
> > On Thu, Oct 10, 2013 at 06:32:57PM -0500, Frederico Araujo wrote:
> >> Sorry, I meant tcp_rmem and tcp_wmem in my previous email.
> >> Thank you!
> >
> > Wait, these sysctl entries are supposed to be read on host system,
> > you mean your kernel doesn't suppot them, or the criu itself is running
> > in the container?
> >
> > Cyrill
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20131011/1dd68067/attachment.html>
More information about the CRIU
mailing list