On 16.02.2014 00:52, arnaud gaboury wrote:
- Systemd creates all necessary cgroups
How can I be sure systemd created them? Are the command line & results below OK?
gabx@hortensia ➤➤ ~aur/libvirt-git # cat /proc/cgroups
#subsys_name  hierarchy  num_cgroups  enabled
cpuset        3          2            1
cpu           4          2            1
cpuacct       4          2            1
memory        5          2            1
devices       6          2            1
freezer       7          2            1
net_cls       8          2            1
blkio         9          2            1
Looks okay, anyways that's not a good command to check this. Take a look at /sys/fs/cgroup/systemd/
Or even better:
└» systemd-cgls
(output for my libvirt_lxc container)
├─machine.slice
│ └─machine-lxc\x2darch\x2dweb1.scope
│   ├─28422 /usr/lib/libvirt/libvirt_lxc --name arch-web1 --console 21 --security=none --handshake 24 --background --veth macvlan1
│   └─machine.slice
│     └─machine-lxc\x2darch\x2dweb1.scope
│       ├─machine.slice
│       │ └─machine-lxc\x2darch\x2dweb1.scope
│       │   └─user.slice
│       │     └─user-0.slice
│       │       └─user@0.service
│       │         └─28488 /usr/lib/systemd/systemd --user
│       ├─user.slice
│       │ └─user-0.slice
│       │   └─user@0.service
│       │     └─28489 (sd-pam)
│       └─system.slice
│         ├─28428 /usr/bin/init
│         ├─systemd-logind.service
│         │ └─28459 /usr/lib/systemd/systemd-logind
│         ├─console-getty.service
│         │ └─28463 /sbin/agetty --noclear -s console 115200 38400 9600
│         ├─dbus.service
│         │ └─28458 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
│         ├─sshd.service
│         │ └─28470 /usr/bin/sshd -D
│         └─systemd-journald.service
│           └─28443 /usr/lib/systemd/systemd-journald
- The cgroup that gets auto-created (machine.slice/machine-lxc...)
Where can I see these cgroups and who auto-created them?
See above. More info about "who" and "how": http://libvirt.org/cgroups.html
needs to be chown'ed to the mapped uid/gid. libvirt doesn't do that yet, but there's a patch on the libvirt devel mailing-list by Richard Weinberger which fixes this. Posted yesterday.
- I tried to install libvirt-git, but got an error when building.
The libvirt-git AUR package worked fine 2 days ago. But it could be temp breakage upstream. No error output, no help possible.
- The container's rootfs needs to be chown'ed to the mapped uid, I used a simple script that reads `ls -n` and chowns all dirs and files with a defined offset (new_uid=$[$old_uid + 5000] .. you get the idea)
I think I see. Do you mean sharing your script?
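-----snip----
#!/bin/bash
# Shift the numeric owner and group of every directory and regular file
# below a container's rootfs by a fixed offset.
# Usage: <script> <container name> <id offset>
if [[ $# -ne 2 ]]; then
    echo "ERROR: expected <container name> <id offset>"
    exit 1
fi
LXC_VM=$1
ID_OFFSET=$2
LXC_BASEDIR=/var/lib/lxc

if [[ ! -d "${LXC_BASEDIR}/${LXC_VM}/rootfs" ]]; then
    echo "ERROR: ${LXC_BASEDIR}/${LXC_VM}/rootfs does not exist"
    exit 1
fi

cd "${LXC_BASEDIR}/${LXC_VM}" || exit 1

echo "Changing directories"
# -print0 with read -d '' keeps paths that contain whitespace in one piece
find rootfs -type d -print0 | while IFS= read -r -d '' dir; do
    # ls -n prints numeric ids: field 3 is the uid, field 4 the gid
    old_uid=$(ls -nd "${dir}" | awk '{print $3}')
    old_gid=$(ls -nd "${dir}" | awk '{print $4}')
    new_uid=$(( old_uid + ID_OFFSET ))
    new_gid=$(( old_gid + ID_OFFSET ))
    chown "${new_uid}:${new_gid}" "${dir}"
done

echo "Changing files"
find rootfs -type f -print0 | while IFS= read -r -d '' file; do
    old_uid=$(ls -nd "${file}" | awk '{print $3}')
    old_gid=$(ls -nd "${file}" | awk '{print $4}')
    new_uid=$(( old_uid + ID_OFFSET ))
    new_gid=$(( old_gid + ID_OFFSET ))
    chown "${new_uid}:${new_gid}" "${file}"
done
----snap----
Disclaimer: separating dirs and files has no real reason here. Needs to run as root. May kill your cat etc..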
TY Tom for your help.
NP ~tom
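Checks to run around the chown script above, as an added example that is not part of the original post. `list_setid` records setuid/setgid files before the shift (on Linux, chown clears those bits on executables even when root runs it), and `audit_shift` afterwards lists every entry still owned outside the mapped range, including the symlinks and device nodes that `find -type d` and `find -type f` never visit. The function names and the ROOTFS, OFFSET and COUNT arguments are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): checks to run around an
# id-shifting chown of a container rootfs. Function names are hypothetical.

# list_setid ROOTFS
# Run BEFORE the shift: lists regular files carrying setuid/setgid bits.
# On Linux, chown clears these bits on executables even for root, so the
# recorded modes have to be re-applied with chmod afterwards.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -nd -- {} +
}

# audit_shift ROOTFS OFFSET COUNT
# Run AFTER the shift: prints "uid:gid mode path" for every entry whose
# owner or group lies outside the mapped range [OFFSET, OFFSET+COUNT).
# No -type filter is used, so symlinks, device nodes, FIFOs and sockets
# are visited too; ls -nd reports a symlink's own owner, not its target's.
audit_shift() {
    find "$1" -exec sh -c '
        lo=$1
        hi=$(( $1 + $2 ))
        shift 2
        for p in "$@"; do
            # ls -n prints numeric ids: field 3 is the uid, field 4 the gid
            ls -nd -- "$p" | {
                read -r mode links uid gid rest
                if [ "$uid" -lt "$lo" ] || [ "$uid" -ge "$hi" ] ||
                   [ "$gid" -lt "$lo" ] || [ "$gid" -ge "$hi" ]; then
                    printf "%s:%s %s %s\n" "$uid" "$gid" "$mode" "$p"
                fi
            }
        done
    ' sh "$2" "$3" {} +
}

# Stand-alone use: <script> ROOTFS OFFSET COUNT
if [ "$#" -eq 3 ]; then audit_shift "$@"; fi
```

An empty result from `audit_shift` means every inode falls inside the mapped range; any line whose mode starts with `l`, `c`, `b`, `p` or `s` is an entry type the posted script skips.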