[Devel] [patch rh7 2/2] cgroup: Mangle cgroups root from inside of VE view

Vladimir Davydov vdavydov at parallels.com
Fri May 29 01:37:35 PDT 2015


On Fri, May 29, 2015 at 11:30:00AM +0300, Cyrill Gorcunov wrote:
> On Fri, May 29, 2015 at 11:18:52AM +0300, Vladimir Davydov wrote:
> > Hi Cyrill,
> > 
> > On Tue, May 26, 2015 at 06:00:52PM +0300, Cyrill Gorcunov wrote:
> > > We're bindmounting cgroups for container so if say a container
> > > is having CTID=200 then @cgroups and @mountinfo output will
> > > contain /200 as a root. Which makes Docker to lookup for
> > > appropriate directory inside /sys/fs/cgroup/<controller>
> > > which of course not present because of been bindmounted
> > > from the node (note we can't bindmount into
> > > <controller>/<container> here because it confuses container's
> > > systemd instance and it stuck on boot).
> > 
> > How is it supposed to be sorted out upstream? Does it mean that systemd
> > simply cannot run inside a container?
> 
> No it can and it does run inside container (I notice some problems
> though, regardless of how we represent cgroup paths inside container).
> The main reason is to make /proc/pid/cgroup output to match what is
> container sees from inside. Or you mean something else?

I mean vanilla kernels, where there is no /proc/pid/cgroup mangling. How
does it work there (if it does)? May be, we could adapt the technique
used there instead of patching the kernel.



More information about the Devel mailing list