[pve-devel] [PATCH container 19/20] handle cgroup related changes of lxc-4.0
w.bumiller at proxmox.com
w.bumiller at proxmox.com
Fri Apr 3 16:37:39 CEST 2020
From: Wolfgang Bumiller <w.bumiller at proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
src/PVE/LXC.pm | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index b397d67..1c27a86 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -584,6 +584,22 @@ sub update_lxc_config {
my $raw = '';
+ if ($lxc_major >= 4) {
+ # Explicitly don't use relative directories, which is the default, but
+ # note that we do this mostly because they are only applied for *some*
+ # cgroups. Our pve-container at .service now starts lxc-start with `-F`,
+ # so we also don't need to worry about the new monitor cgroup to
+ # confuse systemd.
+ $raw .= "lxc.cgroup.relative = 0\n";
+
+ # To make things easier, let's keep our previous cgroup layout and
+ # simply move the monitor outside:
+ $raw .= "lxc.cgroup.dir.monitor = lxc.monitor/$vmid\n";
+ # cgroup namespace separation for stronger limits:
+ $raw .= "lxc.cgroup.dir.payload = lxc/$vmid\n";
+ $raw .= "lxc.cgroup.dir.namespace = ns\n";
+ }
+
die "missing 'arch' - internal error" if !$conf->{arch};
$raw .= "lxc.arch = $conf->{arch}\n";
--
2.20.1
More information about the pve-devel
mailing list