mirror_lxc/doc
Christian Seiler b46f055358 cgfs: don't mount /sys/fs/cgroup readonly
Ubuntu containers have had trouble with automatic cgroup mounting that
was not read-write (i.e. lxc.mount.auto = cgroup{,-full}:{ro,mixed}) in
containers without CAP_SYS_ADMIN. Ubuntu's mountall program reads
/lib/init/fstab, which contains an entry for /sys/fs/cgroup. Since
there is no ro option specified for that filesystem, mountall will try
to remount it readwrite if it is already mounted. Without
CAP_SYS_ADMIN, that fails and mountall will interrupt boot and wait for
user input on whether to proceed anyway or to manually fix it,
effectively hanging container bootup.

This patch makes sure that /sys/fs/cgroup is always a readwrite tmpfs,
but that the actual cgroup hierarchy paths (/sys/fs/cgroup/$subsystem)
are readonly if :ro or :mixed is used. This still has the desired
effect within the container (no cgroup escalation possible and programs
get errors if they try to do so anyway), while keeping Ubuntu
containers happy.

Signed-off-by: Christian Seiler <christian@iwakd.de>
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-05-06 10:20:08 -05:00
api Add '--enable-api-docs' for doxygen-generated public API docs. 2013-11-25 11:50:01 -05:00
examples Add the seccomp examples to EXTRA_DIST 2014-02-12 23:19:45 -05:00
ja doc: Update Japanese lxc-ls(1) for the new -g/--group argument 2014-05-02 13:04:23 -04:00
legacy licensing: Add missing headers and FSF address 2013-09-03 14:33:03 -04:00
rootfs Update rootfs README 2014-02-13 13:52:50 -05:00
common_options.sgml.in licensing: Add missing headers and FSF address 2013-09-03 14:33:03 -04:00
FAQ.txt Remove all trailing whitespaces. 2012-11-26 12:08:13 -05:00
lxc-attach.sgml.in doc: Update man pages to the latest information 2014-01-06 09:51:53 -05:00
lxc-autostart.sgml.in lxc-autostart: Add a new --ignore-auto/-A flag 2014-03-07 17:18:44 -05:00
lxc-cgroup.sgml.in licensing: Add missing headers and FSF address 2013-09-03 14:33:03 -04:00
lxc-checkconfig.sgml.in licensing: Add missing headers and FSF address 2013-09-03 14:33:03 -04:00
lxc-clone.sgml.in lxc-clone man page: fix typos 2014-04-28 08:42:24 -05:00
lxc-config.sgml.in doc: Add manpage for lxc-config 2014-01-23 12:51:47 -05:00
lxc-console.sgml.in Fix typos identified by lintian 2013-10-20 00:34:07 -04:00
lxc-create.sgml.in lxc-create: make 'none' bdev type work again 2014-05-01 13:54:16 -04:00
lxc-destroy.sgml.in doc: Update man pages to the latest information 2014-01-06 09:51:53 -05:00
lxc-device.sgml.in Fix some typos 2013-09-11 10:02:05 -04:00
lxc-execute.sgml.in Deprecate lxc-checkpoint, lxc-kill and lxc-restart 2014-01-18 10:13:50 -05:00
lxc-freeze.sgml.in licensing: Add missing headers and FSF address 2013-09-03 14:33:03 -04:00
lxc-info.sgml.in doc: lxc-info -c doesn't require RUNNING 2014-01-31 09:16:04 +00:00
lxc-ls.sgml.in lxc-ls: Typo in manpage 2014-05-02 11:13:08 -04:00
lxc-monitor.sgml.in let lxc-monitor command ask a lxc-monitord instance to quit 2013-12-06 16:03:23 -05:00
lxc-snapshot.sgml.in bdev: Add aufs support 2014-02-12 16:43:55 -05:00
lxc-start-ephemeral.sgml.in lxc-start-ephemeral: fix the man page 2014-01-06 10:21:11 -05:00
lxc-start.sgml.in Cosmetic: shorten the options summary in documentation 2013-11-13 07:04:27 -08:00
lxc-stop.sgml.in lxc_*.c: don't exit with -1 2014-04-07 17:19:14 -04:00
lxc-top.sgml.in lxc-top: show kernel memory being used if available 2013-11-04 06:37:11 -06:00
lxc-unfreeze.sgml.in licensing: Add missing headers and FSF address 2013-09-03 14:33:03 -04:00
lxc-unshare.sgml.in Teach lxc_unshare about interfaces, mounts, hostname, daemonize 2014-01-15 15:42:36 -06:00
lxc-user-nic.sgml.in doc: fix See Also lxc-usernet.conf -> lxc-usernet 2014-01-24 13:07:50 -05:00
lxc-usernet.sgml.in add manpages for lxc-user-nic 2013-12-17 11:15:57 -06:00
lxc-usernsexec.sgml.in lxc-usernsexec manpage: fix typo (command name is not lxc-unshare) 2014-02-13 22:40:51 -06:00
lxc-wait.sgml.in licensing: Add missing headers and FSF address 2013-09-03 14:33:03 -04:00
lxc.conf.sgml.in doc: Try to clear some confusion about lxc.conf 2014-01-22 22:16:20 -05:00
lxc.container.conf doc: Try to clear some confusion about lxc.conf 2014-01-22 22:16:20 -05:00
lxc.container.conf.sgml.in cgfs: don't mount /sys/fs/cgroup readonly 2014-05-06 10:20:08 -05:00
lxc.sgml.in Remove lxc-version, lxc-ps and lxc-netstat 2014-01-22 13:38:46 -05:00
lxc.system.conf doc: Try to clear some confusion about lxc.conf 2014-01-22 22:16:20 -05:00
lxc.system.conf.sgml.in doc: Add Japanese lxc.container.conf(5), lxc.system.conf(5) and update lxc.conf(5) 2014-01-23 10:53:06 -05:00
Makefile.am doc: Add manpage for lxc-config 2014-01-23 12:51:47 -05:00
see_also.sgml.in Remove lxc-version, lxc-ps and lxc-netstat 2014-01-22 13:38:46 -05:00