Distribute traffic over cpu cores of container by configuring more
than 1 tx/rx queue.
Signed-off-by: Cole Dishington <Cole.Dishington@alliedtelesis.co.nz>
We keep running into situations where we want to pre-mount a pure
cgroup2 layout regardless of the layout of the host.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
We did th CRIU and kernel work but for some reason we never did push the
LXC work.
Link: cdb0d42702
commit cdb0d427020f ("net: allow restoring of precreated veth devices")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Apparently some users changed their rootfs via their lxc.mount.entry
entries. Let's not allow that as that can cause confusion during
container setup. So lets verify that the rootfs is stable after setup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
as of 59d8a539d1 ("criu: massage exec_criu()") I see:
In file included from criu.c:22:
criu.c: In function 'exec_criu':
log.h:376:2: error: '%s' directive argument is null [-Werror=format-overflow=]
376 | LXC_ERROR(&locinfo, format, ##__VA_ARGS__); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
log.h:457:3: note: in expansion of macro 'ERROR'
457 | ERROR("%s - " format, ptr, ##__VA_ARGS__); \
| ^~~~~
log.h:491:3: note: in expansion of macro 'SYSERROR'
491 | SYSERROR(format, ##__VA_ARGS__); \
| ^~~~~~~~
criu.c:325:11: note: in expansion of macro 'log_error_errno'
325 | return log_error_errno(-ENOMEM, ENOMEM, "Failed to remove extraneous slashes from \"%s\"", tmp);
| ^~~~~~~~~~~~~~~
it looks like we should be logging the string that failed, vs. tmp here.
(my log was taken from stable-4.0, but the same issue exists on master it
seems.)
Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
The lxc_devpts_terminal() helper is called in contexts where it can fail
due to various reasons but where we safely fallback to allocating
terminal devices on the host. Logging error messages irritates users so
just log warning messages.
Link: https://discuss.linuxcontainers.org/t/lxc-attach-error-failed-to-open-terminal-multiplexer-device
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Core scheduling defines if the container payload is marked as being
schedulable on the same core. Doing so will cause the kernel scheduler
to ensure that tasks that are not in the same group never run
simultaneously on a core. This can serve as an extra security measure to
prevent the container payload from using cross hyper thread attacks.
The only allowed values are 0 and 1. Set this to 1 to create a core
scheduling domain for the container or 0 to not create one. If not set
explicitly no core scheduling domain will be created for the container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
