Ubuntu Server Guide

Merge lp:~ted-m-cox/serverguide/cgroupbugs into lp:serverguide/trunk

  1. cgroupbugs
  2. Merge into trunk
Proposed by Ted Cox
Status: Merged
Approved by: Doug Smythies
Approved revision: 254
Merged at revision: 254
Proposed branch: lp:~ted-m-cox/serverguide/cgroupbugs
Merge into: lp:serverguide/trunk
Diff against target: 50 lines (+9/-9)
1 file modified
serverguide/C/virtualization.xml (+9/-9)
To merge this branch: bzr merge lp:~ted-m-cox/serverguide/cgroupbugs
Reviewer Review Type Date Requested Status
Doug Smythies Approve
Serge Hallyn Approve
Review via email: mp+264516@code.launchpad.net

Description of the change

Bug fixes, minor edits.

To post a comment you must log in.
Revision history for this message
Doug Smythies (dsmythies) wrote :

Is the cgroup assigned to the container or is the container assigned to the cgroup?
I do not know what is right.
If the former, then, it seems to me, the original wording is O.K., if the latter, then the new wording is O.K.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thank you, looks good to me.

(Re "assigned / assigned to", both are true. I think the new text sounds better, so let's go with it)

review: Approve
Revision history for this message
Doug Smythies (dsmythies) wrote :

Thanks Serge.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'serverguide/C/virtualization.xml'
2--- serverguide/C/virtualization.xml 2015-05-07 04:52:33 +0000
3+++ serverguide/C/virtualization.xml 2015-07-13 03:28:37 +0000
4@@ -1366,24 +1366,24 @@
5 and to lock containers to specific cpus.
6 </para>
7
8- <para> By default, a privileged container CN will be assigned a cgroup
9- called <filename>/lxc/CN</filename>. In the case of name conflicts
10+ <para> By default, a privileged container CN will be assigned to a cgroup
11+ called <filename>/lxc/CN</filename>. In the case of name conflicts
12 (which can occur when using custom lxcpaths) a suffix "-n", where n
13 is an integer starting at 0, will be appended to the cgroup name.
14 </para>
15
16- <para> By default, a privileged container CN will be assigned a cgroup
17+ <para> By default, a privileged container CN will be assigned to a cgroup
18 called <filename>CN</filename> under the cgroup of the task which
19 started the container, for instance
20- <filename>/usr/1000.user/1.session/CN</filename>. The container root
21+ <filename>/usr/1000.user/1.session/CN</filename>. The container root
22 will be given group ownership of the directory (but not all files)
23 so that it is allowed to create new child cgroups.
24 </para>
25 <para>
26 As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to
27- administer cgroups. The cgroup manager receives D-Bus requests
28+ administer cgroups. The cgroup manager receives D-Bus requests
29 over the Unix socket <filename>/sys/fs/cgroup/cgmanager/sock</filename>.
30- To fascilitate safe nested containers, the line
31+ To facilitate safe nested containers, the line
32 <screen>
33 <command>
34 lxc.mount.auto = cgroup
35@@ -1391,12 +1391,12 @@
36 </screen>
37 can be added to the container configuration causing the
38 <filename>/sys/fs/cgroup/cgmanager</filename> directory to be bind-mounted
39- into the container. The container in turn should start the cgroup
40+ into the container. The container in turn should start the cgroup
41 management proxy (done by default if the cgmanager package is installed
42 in the container) which will move the <filename>/sys/fs/cgroup/cgmanager</filename>
43- directory to <filename>/sys/fs/cgroup/cgmanager.lower</filename>, then
44+ directory to <filename>/sys/fs/cgroup/cgmanager.lower</filename>, then
45 start listening for requests to proxy on its own socket
46- <filename>/sys/fs/cgroup/cgmanager/sock</filename>. The host cgmanager
47+ <filename>/sys/fs/cgroup/cgmanager/sock</filename>. The host cgmanager
48 will ensure that nested containers cannot escape their assigned cgroups
49 or make requests for which they are not authorized.
50 </para>

Subscribers

People subscribed via source and target branches