[libvirt] [PATCH 0 of 2] [RFC] Add cgroup manipulation and LXC driver support
Dan Smith
danms at us.ibm.com
Tue Sep 30 18:11:57 UTC 2008
BS> For all practical purposes, it is not possible to mount all
BS> controllers at the same place. Consider a simple case of "ns", if
BS> the ns controller is mounted, you need root permissions to create
BS> new groups, which defeats the whole purpose of the cgroup
BS> filesystem and assigning permissions, so that an application can
BS> create groups on it own.
I don't think I'd go so far as saying that it "defeats the whole
purpose", but I understand your point.
After just a small amount of playing around, it seems like it might be
reasonable to just mount the controllers we care about somewhere just
for libvirt.
>> - What to do if memory and device controllers aren't present
>> - What to do if the root group is set for exclusive cpuset behavior
BS> These need to be fixed as well.
...that's why I pointed them out :)
I'm thinking that mounting the controllers we care about at daemon
startup (as mentioned above) would solve both of these issues as well.
Does anyone have an opinion on taking that approach?
--
Dan Smith
IBM Linux Technology Center
Open Hypervisor Team
email: danms at us.ibm.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20080930/51971a7b/attachment-0001.sig>
More information about the libvir-list
mailing list