Mounting groups inside docker container

Question

Mounting groups inside docker container

I fixed the component that follows the process model. The master process takes place many times. I want to set the cgroup hierarchy inside the docker container to vary the CPU and memory limit based on each process.

Is there a way I can do this without using '--privileged' or 'CAP_SYTEM_ADMIN'?

Is there a way to make the group the container belongs to as the root of the cgroup subtype that I implement for processes? (Divide the resources allocated to the container between the processes).

+7

linux docker linux-kernel mount

Phelodas 12 sept '15 at 1:19

source share

1 answer

Phelodas · Answer 1 · 2016-03-10T21:55:15+0000

The conclusion I came to was that there is no current solution for this, since Docker does not support cgroup virtualization and does not make the Linux kernel. We need a cgroup virtualization form to implement groups within the container.

lxc does this using a FUSE-based solution called lxcfs: https://linuxcontainers.org/lxcfs/introduction/

In addition, there is a kernel patch that supports group namespaces that, as far as I see, have not been approved: https://lwn.net/Articles/605903/ .

Mounting groups inside docker container

More articles: