[Devel] Re: liblxc and cgroups
Daniel Lezcano
dlezcano at fr.ibm.com
Mon Nov 10 06:48:58 PST 2008
Serge E. Hallyn wrote:
> Hi Daniel,
>
> I'm playing with liblxc containers and the device whitelist cgroup.
> One thing which makes the devices cgroup unique from the others is
> that there can be many entries to the devices.allow (and in theory
> also to devices.deny) file. liblxc doesn't support that right now.
> This needs to be fixed in two places.
> First, lxc_conf.c:write_info needs to write multiple entries
> from the .conf file into the cgroups/devices.allow file. I just
> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
> which seemed to work for me, but I'm not sure if that might adversely
> affect other code which counted on the truncation implicit in creat()?
> Secondly, the lxc_cgroup_copy needs to do a loop and write the
> entries one by one into the cgroup file. I'm just doing a dumb
> unsafe fgets loop, but I actually don't have that working yet,
> (which is why I'm not sending a patch - I figure you can whip
> something robust up in 2 seconds)
Serge, thanks for investigating this bug.
I will look how to fix that without breaking previous container
configuration.
-- Daniel
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list