aptosid.com

Software - Kernel + LXC

gerd - 27.07.2011, 19:48
Post subject: Kernel + LXC
The output from lxc-checkconfig
      Code:

Cgroup namespace: missing
Cgroup memory controller: missing

+ many enabled things


I'm not sure if that is a must (need further tests), but is it possible to enable or add both features to the aptosid kernel?
slh - 27.07.2011, 19:53
Post subject: RE: Kernel + LXC
      Code:
$ zgrep CGROUP /proc/config.gz
CONFIG_CGROUPS=y
# CONFIG_CGROUP_DEBUG is not set
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_SCHED=y
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_NET_CLS_CGROUP=y
...only if you tell me what exactly you're missing.
towo - 27.07.2011, 19:58
Post subject: RE: Kernel + LXC
For lxc the following is needed:
      Code:

CONFIG_GROUP_SCHED=y
CONFIG_FAIR_GROUP_SCHED=y
CONFIG_RT_GROUP_SCHED=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_NS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CPUSETS=y
CONFIG_PROC_PID_CPUSET=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_RESOURCE_COUNTERS=y
CONFIG_CGROUP_MEM_RES_CTLR=y
CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y
CONFIG_MM_OWNER=y
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_NET_CLS_CGROUP=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y

gerd - 27.07.2011, 20:00
Post subject:
I think
CONFIG_CGROUP_MEM_RES_CTLR=y
CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y
CONFIG_NAMESPACES=y
could be the ones that are missing

edit: towo listed the needed ones already
slh - 27.07.2011, 22:50
Post subject:
RESOURCE_COUNTERS is not without negative impacts on system performance; I will have to give it some further testing before releasing a kernel with that setting.
slh - 01.08.2011, 00:26
Post subject:
Please test linux-image-3.0-0.slh.5-aptosid-{686,amd64} 3.0-5.
gerd - 01.08.2011, 07:55
Post subject:
Better now, but one entry is still missing:
"Cgroup namespace: missing"

This entry helps:
CONFIG_CGROUP_NS=y

(I tested it. This is the entry to make lxc support complete)
slh - 01.08.2011, 11:31
Post subject:
There is no CGROUP_NS in the whole kernel.
slh - 01.08.2011, 12:11
Post subject:
cgroup: remove the ns_cgroup
gerd - 01.08.2011, 13:18
Post subject:
Thx for researching. So the lxc-tools are old; I hope that there aren't negative impacts.
A first test with an application sandbox was successful. Further tests will follow. If there are any problems I will tell.
slh - 01.08.2011, 13:24
Post subject:
Likely, yes. While I'm mildly interested in lxc, I see little use for it in the light of "Marco d'Itri: Evading from linux containers" - which keeps me personally from spending any time on it so far.
slh - 03.08.2011, 19:55
Post subject:
By the way, do you have cgroups mounted, e.g. below /sys/fs/cgroup/ ?
      Code:
mount -t cgroup -o nodev,noexec,nosuid cgroup /sys/fs/cgroup
(I'm not sure if lxc or one of its dependencies needs this or if it does the mounting itself, but it would be worth checking)
gerd - 03.08.2011, 20:02
Post subject:
Interestingly, cgroups are mounted (/sys/fs/cgroup is full of entries) and active, but mount doesn't display them.
slh - 03.08.2011, 20:05
Post subject:
Maybe look at "cat /proc/mounts", mtab is everything but reliable (and its days are numbered); but that rules out my 'easy' suspicion.
gerd - 03.08.2011, 20:15
Post subject:
Thx for the hint. And you are right. The mounts are listed there
      Code:
cat /proc/mounts | grep cgroup
cgroup /sys/fs/cgroup cgroup rw,relatime,cpu,clone_children 0 0
cgroup /sys/fs/cgroup/cpuacct cgroup rw,relatime,cpuacct 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,relatime,devices 0 0
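
The check discussed in the last posts, as an added example that is not part of the thread: a POSIX shell function that reads /proc/mounts-format lines and reports which cgroup mounts lack the nodev, noexec and nosuid options from slh's mount command. The function names and the /mnt/constructed line are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit cgroup mounts for the
# nodev,noexec,nosuid options used in the mount command quoted above.

# audit_cgroup_mounts: reads /proc/mounts-format lines on stdin and prints
# one line per cgroup mount: "<mountpoint> ok" or
# "<mountpoint> missing:<comma-separated options>".
# cgroup2 is matched as well so the check also works on current kernels;
# the thread itself only concerns the "cgroup" filesystem type.
audit_cgroup_mounts() {
    awk '
    $3 == "cgroup" || $3 == "cgroup2" {
        split("", have)                      # portable way to clear an array
        n = split($4, opts, ",")             # field 4 holds the mount options
        for (i = 1; i <= n; i++) have[opts[i]] = 1
        missing = ""
        m = split("nodev noexec nosuid", want, " ")
        for (j = 1; j <= m; j++)
            if (!(want[j] in have))
                missing = missing (missing == "" ? "" : ",") want[j]
        print $2, (missing == "" ? "ok" : "missing:" missing)
    }'
}

# sample_mounts: the three lines gerd posted, plus one constructed line
# showing a mount that carries the options from the mount command.
sample_mounts() {
    cat <<'EOF'
cgroup /sys/fs/cgroup cgroup rw,relatime,cpu,clone_children 0 0
cgroup /sys/fs/cgroup/cpuacct cgroup rw,relatime,cpuacct 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,relatime,devices 0 0
cgroup /mnt/constructed cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
EOF
}

# Run the audit on the embedded sample so the script works offline.
sample_mounts | audit_cgroup_mounts
```

To audit a live host instead of the sample, run `audit_cgroup_mounts < /proc/mounts`.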

All times are GMT - 12 Hours