mirror of
https://git.proxmox.com/git/mirror_lxc
synced 2026-03-29 00:00:41 +00:00
95b422fccf
While testing https://github.com/lxc/lxc/pull/106, I found that concurrent starts are hanging time to time. I then reproduced the same problem in master and got following; [caglar@oOo:~] sudo gdb -p 16221 (gdb) bt #0 __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135 #1 0x00007f495526515c in _L_lock_982 () from /lib/x86_64-linux-gnu/libpthread.so.0 #2 0x00007f4955264fab in __GI___pthread_mutex_lock (mutex=0x7f49556d4600 <static_mutex>) at pthread_mutex_lock.c:64 #3 0x00007f49554b27a6 in lock_mutex (l=l@entry=0x7f49556d4600 <static_mutex>) at lxclock.c:78 #4 0x00007f49554b2dac in static_lock () at lxclock.c:330 #5 0x00007f4955498f71 in lxc_global_config_value (option_name=option_name@entry=0x7f49554c02cf "cgroup.use") at utils.c:273 #6 0x00007f495549926c in default_cgroup_use () at utils.c:366 #7 0x00007f49554953bd in lxc_cgroup_load_meta () at cgroup.c:94 #8 0x00007f495548debc in lxc_spawn (handler=handler@entry=0x7f49200af300) at start.c:783 #9 0x00007f495548e7a7 in __lxc_start (name=name@entry=0x7f49200b48a0 "lxc-test-concurrent-4", conf=conf@entry=0x7f49200b2030, ops=ops@entry=0x7f49556d3900 <start_ops>, data=data@entry=0x7f495487db90, lxcpath=lxcpath@entry=0x7f49200b2010 "/var/lib/lxc") at start.c:951 #10 0x00007f495548eb9c in lxc_start (name=0x7f49200b48a0 "lxc-test-concurrent-4", argv=argv@entry=0x7f495487dbe0, conf=conf@entry=0x7f49200b2030, lxcpath=0x7f49200b2010 "/var/lib/lxc") at start.c:1048 #11 0x00007f49554b68f1 in lxcapi_start (c=0x7f49200b1dd0, useinit=<optimized out>, argv=0x7f495487dbe0) at lxccontainer.c:648 #12 0x0000000000401317 in do_function (arguments=0x1aa80b0) at concurrent.c:94 #13 0x0000000000401499 in concurrent (arguments=<optimized out>) at concurrent.c:130 #14 0x00007f4955262f6e in start_thread (arg=0x7f495487e700) at pthread_create.c:311 #15 0x00007f4954f8d9cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 It looks like both parent and child end up with locked mutex thus deadlocks. I ended up placing values in the thread local storage pool, instead of doing "unlock the lock in the child" dance Signed-off-by: S.Çağlar Onur <caglar@10ur.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> |
||
|---|---|---|
| config | ||
| doc | ||
| hooks | ||
| src | ||
| templates | ||
| .gitignore | ||
| AUTHORS | ||
| autogen.sh | ||
| configure.ac | ||
| CONTRIBUTING | ||
| COPYING | ||
| INSTALL | ||
| lxc.pc.in | ||
| lxc.spec.in | ||
| MAINTAINERS | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
| runapitests.sh | ||
| TODO | ||
Please see the COPYING file for details on copying and usage.
Please refer to the INSTALL file for instructions on how to build.
What is lxc:
The container technology is actively being pushed into the mainstream linux
kernel. It provides the resource management through the control groups aka
process containers and resource isolation through the namespaces.
The linux containers, lxc, aims to use these new functionalities to pro-
vide an userspace container object which provides full resource isolation
and resource control for an applications or a system.
The first objective of this project is to make the life easier for the ker-
nel developers involved in the containers project and especially to con-
tinue working on the Checkpoint/Restart new features. The lxc is small
enough to easily manage a container with simple command lines and complete
enough to be used for other purposes.
Using lxc:
Refer the lxc* man pages (generated from doc/* files)
Downloading the current source code:
Source for the latest released version can always be downloaded from
http://linuxcontainers.org/downloads/
You can browse the up to the minute source code and change history online.
http://github.com/lxc/lxc
For detailed build instruction refer to INSTALL and man lxc man page
but a short command line should work:
./autogen.sh && ./configure && make && sudo make install
preceded by ./autogen.sh if configure do not exist yet.
Troubleshooting:
If the ./autogen.sh script shows the following message: "aclocal: not found",
you are likely missing the "automake" package. Make sure it's installed and
try again.
If the ./configure script gives you the following message:
"configure: error: Please install the libcap development files."
you are likely missing the "libcap-dev" package.
The configure script will usually give you hints as to what you are missing,
looking for those in your package manager will usually give you the package
that you need to install.
Getting help:
when you find you need help, you can check out one of the two
lxc mailing list archives and register if interested:
http://lists.linuxcontainers.org/listinfo/lxc-devel
http://lists.linuxcontainers.org/listinfo/lxc-users
Portability:
lxc is still in development, so the command syntax and the API can
change. The version 1.0.0 will be the frozen version.
lxc is developed and tested on Linux since kernel mainline version 2.6.27
(without network) and 2.6.29 with network isolation.
It's compiled with gcc, and should work on most architectures as long as the
required kernel features are available. This includes (but isn't limited to):
i686, x86_64, ppc, ppc64, S390, armel and armhf.
AUTHOR
Daniel Lezcano <daniel.lezcano@free.fr>
Seccomp with LXC
----------------
To restrict a container with seccomp, you must specify a profile which is
basically a whitelist of system calls it may execute. In the container
config file, add a line like
lxc.seccomp = /var/lib/lxc/q1/seccomp.full
I created a usable (but basically worthless) seccomp.full file using
cat > seccomp.full << EOF
1
whitelist
EOF
for i in `seq 0 300`; do
echo $i >> seccomp.full
done
for i in `seq 1024 1079`; do
echo $i >> seccomp.full
done
-- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Jul 2012 15:47:02 +0600