mirror_lxc/hooks
Serge Hallyn 283678ed2c Accommodate stricter devices cgroup rules
3.10 kernel comes with proper hierarchical enforcement of devices
cgroup.  To keep that code somewhat sane, certain things are not
allowed.  Switching from default-allow to default-deny and vice versa
are not allowed when there are children cgroups.  (This *could* be
simplified in the kernel by checking that all child cgroups are
unpopulated, but that has not yet been done and may be rejected)

The mountcgroup hook causes lxc-start to break with 3.10 kernels, because
you cannot write 'a' to devices.deny once you have a child cgroup.  With
this patch, (a) lxcpath is passed to hooks, (b) the cgroup mount hook sets
the container's devices cgroup, and (c) setup_cgroup() during lxc startup
ignores failures to write to devices subsystem if we are already in a
child of the container's new cgroup.

((a) is not really related to this bug, but is definitely needed.
The followup work of making the other hooks use the passed-in lxcpath
is still to be done)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-07-11 10:26:33 -05:00
..
clonehostname add clonehostname hook 2013-07-10 14:08:43 -05:00
Makefile.am add clonehostname hook 2013-07-10 14:08:43 -05:00
mountcgroups Accommodate stricter devices cgroup rules 2013-07-11 10:26:33 -05:00
mountecryptfsroot Add example hooks from Ubuntu package 2013-02-19 23:34:07 -05:00