Misc fixes for LXC cgroups setup

When using the 'ns' cgroup controller, the moment a process calls 'unshare(CLONE_NEWNS)', it will be given a private cgroup tree under its current location. This really messages up the LXC controller process, because it ends up creating the containers' cgroup in the wrong place. The fix is fairly easy, just move the cgroup setup before the code which calls unshare(). The 'ns' controller will still create extra undesired cgroups, but they at least won't break libvirt's setup now. The patch also adds a missing cgroups allow rule for /dev/tty device node
2025-01-11 23:37:42 +00:00 · 2010-03-04 11:15:42 +00:00 · 2010-03-04 11:15:42 +00:00 · 57db02e8c0
commit 57db02e8c0
parent ede3bc1128
2 changed files with 6 additions and 4 deletions
--- a/src/lxc/lxc_container.h
+++ b/src/lxc/lxc_container.h
@ -39,6 +39,7 @@ enum {
 #define LXC_DEV_MIN_URANDOM 9

 #define LXC_DEV_MAJ_TTY     5
+#define LXC_DEV_MIN_TTY     0
 #define LXC_DEV_MIN_CONSOLE 1
 #define LXC_DEV_MIN_PTMX    2

--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@ -78,6 +78,7 @@ static int lxcSetContainerResources(virDomainDefPtr def)
        {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL},
        {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
        {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
+        {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
        {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE},
        {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
        {0,   0, 0}};
@ -301,7 +302,7 @@ static int lxcControllerMain(int monitor,
    fdArray[0].active = 0;
    fdArray[1].fd = contPty;
    fdArray[1].active = 0;
-
+    VIR_ERROR("monitor=%d client=%d appPty=%d contPty=%d", monitor,client, appPty, contPty);
    /* create the epoll fild descriptor */
    epollFd = epoll_create(2);
    if (0 > epollFd) {
@ -516,6 +517,9 @@ lxcControllerRun(virDomainDefPtr def,

    root = virDomainGetRootFilesystem(def);

+    if (lxcSetContainerResources(def) < 0)
+        goto cleanup;
+
    /*
     * If doing a chroot style setup, we need to prepare
     * a private /dev/pts for the child now, which they
@ -599,9 +603,6 @@ lxcControllerRun(virDomainDefPtr def,
    }


-    if (lxcSetContainerResources(def) < 0)
-        goto cleanup;
-
    if ((container = lxcContainerStart(def,
                                       nveths,
                                       veths,