mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-23 14:33:10 +00:00
virsh: make lxc-enter-namespace also join the cgroups
Extend the lxc-enter-namespace command so that it joins the containers' cgroups before starting new namespaces. This ensures that the commands run have the normal resource limits applied Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
57e62ee00a
commit
291e1a470c
@ -9334,6 +9334,9 @@ cmdLxcEnterNamespace(vshControl *ctl, const vshCmd *cmd)
|
|||||||
0) < 0)
|
0) < 0)
|
||||||
_exit(EXIT_CANCELED);
|
_exit(EXIT_CANCELED);
|
||||||
|
|
||||||
|
if (virDomainLxcEnterCGroup(dom, 0) < 0)
|
||||||
|
_exit(EXIT_CANCELED);
|
||||||
|
|
||||||
if (virDomainLxcEnterNamespace(dom,
|
if (virDomainLxcEnterNamespace(dom,
|
||||||
nfdlist,
|
nfdlist,
|
||||||
fdlist,
|
fdlist,
|
||||||
|
@ -4195,9 +4195,10 @@ omitted.
|
|||||||
Enter the namespace of I<domain> and execute the command C</path/to/binary>
|
Enter the namespace of I<domain> and execute the command C</path/to/binary>
|
||||||
passing the requested args. The binary path is relative to the container
|
passing the requested args. The binary path is relative to the container
|
||||||
root filesystem, not the host root filesystem. The binary will inherit the
|
root filesystem, not the host root filesystem. The binary will inherit the
|
||||||
environment variables / console visible to virsh. This command only works
|
environment variables / console visible to virsh. The command will be run
|
||||||
when connected to the LXC hypervisor driver. This command succeeds only
|
with the same sVirt context and cgroups placement as processes within the
|
||||||
if C</path/to/binary> has 0 exit status.
|
container. This command only works when connected to the LXC hypervisor
|
||||||
|
driver. This command succeeds only if C</path/to/binary> has 0 exit status.
|
||||||
|
|
||||||
By default the new process will run with the security label of the new
|
By default the new process will run with the security label of the new
|
||||||
parent container. Use the I<--noseclabel> option to instead have the
|
parent container. Use the I<--noseclabel> option to instead have the
|
||||||
|
Loading…
Reference in New Issue
Block a user