Misc fixes for LXC cgroups setup

When using the 'ns' cgroup controller, the moment a process calls
'unshare(CLONE_NEWNS)', it will be given a private cgroup tree
under its current location. This really messages up the LXC
controller process, because it ends up creating the containers'
cgroup in the wrong place. The fix is fairly easy, just move
the cgroup setup before the code which calls unshare(). The
'ns' controller will still create extra undesired cgroups, but
they at least won't break libvirt's setup now.

The patch also adds a missing cgroups allow rule for /dev/tty
device node

diff --git a/src/lxc/lxc_container.h b/src/lxc/lxc_container.h
index a1dd5a16f92cadfdabd2bd355d0802fd75f0723f..9e156425f29604606e9d389753272d05e56c15d0 100644 (file)
--- a/src/lxc/lxc_container.h
+++ b/src/lxc/lxc_container.h
@@ -39,6 +39,7 @@ enum {
 #define LXC_DEV_MIN_URANDOM 9
 
 #define LXC_DEV_MAJ_TTY     5
+#define LXC_DEV_MIN_TTY     0
 #define LXC_DEV_MIN_CONSOLE 1
 #define LXC_DEV_MIN_PTMX    2
 

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 95970cc143784e818f66eeff7e25a36eb39bc39b..525c6cbc2913197dd02ee093119b237100048f3c 100644 (file)
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -78,6 +78,7 @@ static int lxcSetContainerResources(virDomainDefPtr def)
         {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL},
         {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
         {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
+        {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
         {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE},
         {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
         {0,   0, 0}};
@@ -301,7 +302,7 @@ static int lxcControllerMain(int monitor,
     fdArray[0].active = 0;
     fdArray[1].fd = contPty;
     fdArray[1].active = 0;
-
+    VIR_ERROR("monitor=%d client=%d appPty=%d contPty=%d", monitor,client, appPty, contPty);
     /* create the epoll fild descriptor */
     epollFd = epoll_create(2);
     if (0 > epollFd) {
@@ -516,6 +517,9 @@ lxcControllerRun(virDomainDefPtr def,
 
     root = virDomainGetRootFilesystem(def);
 
+    if (lxcSetContainerResources(def) < 0)
+        goto cleanup;
+
     /*
      * If doing a chroot style setup, we need to prepare
      * a private /dev/pts for the child now, which they
@@ -599,9 +603,6 @@ lxcControllerRun(virDomainDefPtr def,
     }
 
 
-    if (lxcSetContainerResources(def) < 0)
-        goto cleanup;
-
     if ((container = lxcContainerStart(def,
                                        nveths,
                                        veths,