diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index 728e8e500db78ad734fd192800d56e8003ee1bea..0987050bf73e45aae0fcf02f7b15e7a81c069be8 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -462,7 +462,8 @@ static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def, } -virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def) +virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def, + pid_t initpid) { virCgroupPtr cgroup = NULL; @@ -473,18 +474,12 @@ virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def) goto cleanup; } - /* - * XXX - * We should pass the PID of the LXC init process - * not ourselves, but this requires some more - * refactoring. We should also pass the root dir - */ if (virCgroupNewMachine(def->name, "lxc", true, def->uuid, NULL, - getpid(), + initpid, true, 0, NULL, def->resource->partition, diff --git a/src/lxc/lxc_cgroup.h b/src/lxc/lxc_cgroup.h index 0e78126e1b444b09e8cb6edb90e88049e4edc005..31d6800dc78ae79de3139af493bb40b4e8f68204 100644 --- a/src/lxc/lxc_cgroup.h +++ b/src/lxc/lxc_cgroup.h @@ -27,7 +27,8 @@ # include "lxc_fuse.h" # include "virusb.h" -virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def); +virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def, + pid_t initpid); virCgroupPtr virLXCCgroupJoin(virDomainDefPtr def); int virLXCCgroupSetup(virDomainDefPtr def, virCgroupPtr cgroup, diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index f2c0b578532296099772455d339752445ed89083..00d0e2362851e211653c7c2c49db1c3ee890cd37 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -680,8 +680,9 @@ static int virLXCControllerGetNumadAdvice(virLXCControllerPtr ctrl, * virLXCControllerSetupResourceLimits * @ctrl: the controller state * - * Creates a cgroup for the container, moves the task inside, - * and sets resource limits + * Sets up the non-cgroup based resource limits that need + * to be inherited by the child process across clone()/exec(). + * The cgroup limits are setup later * * Returns 0 on success or -1 in case of error */ @@ -704,6 +705,37 @@ static int virLXCControllerSetupResourceLimits(virLXCControllerPtr ctrl) if (virLXCControllerSetupCpuAffinity(ctrl) < 0) goto cleanup; + ret = 0; + cleanup: + virBitmapFree(auto_nodeset); + return ret; +} + + +/* + * Creates the cgroup and sets up the various limits associated + * with it + */ +static int virLXCControllerSetupCgroupLimits(virLXCControllerPtr ctrl) +{ + virBitmapPtr auto_nodeset = NULL; + int ret = -1; + virBitmapPtr nodeset = NULL; + + VIR_DEBUG("Setting up cgroup resource limits"); + + if (virLXCControllerGetNumadAdvice(ctrl, &auto_nodeset) < 0) + goto cleanup; + + nodeset = virDomainNumatuneGetNodeset(ctrl->def->numatune, auto_nodeset, -1); + + if (!(ctrl->cgroup = virLXCCgroupCreate(ctrl->def, + ctrl->initpid))) + goto cleanup; + + if (virCgroupAddTask(ctrl->cgroup, getpid()) < 0) + goto cleanup; + if (virLXCCgroupSetup(ctrl->def, ctrl->cgroup, nodeset) < 0) goto cleanup; @@ -2224,6 +2256,9 @@ virLXCControllerRun(virLXCControllerPtr ctrl) for (i = 0; i < ctrl->npassFDs; i++) VIR_FORCE_CLOSE(ctrl->passFDs[i]); + if (virLXCControllerSetupCgroupLimits(ctrl) < 0) + goto cleanup; + if (virLXCControllerSetupUserns(ctrl) < 0) goto cleanup; @@ -2454,9 +2489,6 @@ int main(int argc, char *argv[]) if (virLXCControllerValidateConsoles(ctrl) < 0) goto cleanup; - if (!(ctrl->cgroup = virLXCCgroupCreate(ctrl->def))) - goto cleanup; - if (virLXCControllerSetupServer(ctrl) < 0) goto cleanup;