[Devel] [PATCH RH7] cgroup: fix mangle root in CT
Cyrill Gorcunov
gorcunov at virtuozzo.com
Wed Aug 19 01:07:37 PDT 2015
On Wed, Aug 19, 2015 at 10:49:24AM +0300, Pavel Tikhomirov wrote:
>
>
> On 08/19/2015 10:35 AM, Pavel Tikhomirov wrote:
> >cgroups with depth level more than 2 were not mangled inside a
> >container, that might caused problems with docker, docker were able
> >to see in /proc/self/cgroup paths relative to host.
> >
> >PSBM-38634
> >
> >But it is not docker specific:
> >
> >CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice
> >CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice/test.scope
> >CT-103 /# sleep 1000&
> >[1] 578
> >CT-103 /# echo 578 > /sys/fs/cgroup/devices/test.slice/test.scope/tasks
> >
> >with patch:
> >
> >CT-103 /# cat /proc/578/cgroup
> >16:ve:/
> >15:hugetlb:/
> >14:perf_event:/
> >12:net_cls:/
> >11:freezer:/
> >10:devices:/test.slice/test.scope
> >6:name=systemd:/user-0.slice/session-c109.scope
>
> The other thing, I'm not yet sure how to fix now, is that such process
> somehow gets out of ve-103.slice and is in
> /sys/fs/cgroup/systemd/user-0.slice/session-c109.scope if we look from host.
That's because vzctl is started on the node and you're using
vzctl enter to run programs. In contrast if eneter via console
[root at pcs7 ~]# vzctl console 300 1
Attached to CT 300 tty1 (type ESC . to detach)
CentOS Linux 7 (Core)
Kernel 3.10.0-dirty on an x86_64
pcs7 login: root
Password:
Last login: Tue Aug 18 12:13:02 on console
[root at pcs7 ~]# sleep 2000 &
[1] 391
[root at pcs7 ~]# echo 391 > /sys/fs/cgroup/devices/test.slice/test.scope/tasks
...
├─ve-300.slice
│ ├─2240 init -z
...
│ └─user.slice
│ └─user-0.slice
│ └─session-c3.scope
│ ├─2754 login -- root
│ ├─3431 -bash
│ └─3450 sleep 2000
More information about the Devel
mailing list