diff options
| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-05-06 15:07:18 +0200 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-05-09 23:08:54 +0200 |
| commit | 434aadd5d39fc190590055566d801d157036a37c (patch) | |
| tree | 36631fba25270937dc49372bae845e4ebe55622f /man7 | |
| parent | 8079aefa6f13aefe272f01a03da3545a5b18cfed (diff) | |
| download | man-pages-434aadd5d39fc190590055566d801d157036a37c.tar.gz | |
namespaces.7: Add /proc/PID/mountinfo discussion under cgroup namespaces
The discussion here is contingent on the acceptance of
Serge Hallyn's patch, "mountinfo: implement show_path
for kernfs and cgroup".
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7')
| -rw-r--r-- | man7/namespaces.7 | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7 index 7b0b9e2dde..b17ed5646a 100644 --- a/man7/namespaces.7 +++ b/man7/namespaces.7 @@ -196,7 +196,9 @@ This file is a handle for the UTS namespace of the process. Cgroup namespaces virtualize the view of a process's cgroups (see .BR cgroups (7)) as seen via -.IR /proc/[pid]/cgroup . +.IR /proc/[pid]/cgroup +and +.IR /proc/[pid]/mountinfo . Each cgroup namespace has its own set of cgroup root directories, which are the base points for the relative locations displayed in @@ -240,11 +242,11 @@ hierarchy, and put the shell into that cgroup: Next, we use .BR unshare (1) -to create a process running a shell in a new cgroup namespace: +to create a process running a new shell in new cgroup and mount namespaces: .nf .in +4n -# \fBunshare \-C bash\fP +# \fBunshare \-Cm bash\fP .in .fi @@ -267,6 +269,40 @@ $ \fBcat /proc/20124/cgroup | grep freezer\fP .in .fi +However, when we look in +.IR /proc/self/mountinfo +we see the following anomaly: + +.nf +.in +4n +# \fBcat /proc/self/mountinfo | grep freezer\fP +155 145 0:32 /.. /sys/fs/cgroup/freezer ... +.in +.fi + +The fourth field this file should show the +directory in the cgroup filesystem which forms the root of this mount. +Since by the definition of cgroup namespaces, the process's current +freezer cgroup directory became its root freezer cgroup directory, +we should see \(aq/\(aq in this field. +The problem here is that we are seeing a mount entry for the cgroup +filesystem corresponding to our initial shell process's cgroup namespace +(whose cgroup filesystem is indeed rooted in the parent directory of +.IR sub ). +We need to remount the freezer cgroup filesystem +inside this cgroup namespace, after which we see the expected results: + +.nf +.in +4n +# mount \-\-make\-rprivate # Don't propagate mount events + # to other namespaces +# umount /sys/fs/cgroup/freezer +# mount \-t cgroup \-o freezer freezer /sys/fs/cgroup/freezer +# cat /proc/self/mountinfo | grep freezer +155 145 0:32 / /sys/fs/cgroup/freezer rw,relatime ... +.in +.fi + Use of cgroup namespaces requires a kernel that is configured with the .B CONFIG_CGROUPS option. |