LXCFS is a small FUSE filesystem written with the intention of making Linux
containers feel more like a virtual machine. It started as a side-project of
LXC but is usable by any runtime.
LXCFS will take care that the information provided by crucial files in procfs
such as:
/proc/cpuinfo
/proc/diskstats
/proc/meminfo
/proc/stat
/proc/swaps
/proc/uptime
/sys/devices/system/cpu/online
are container aware such that the values displayed (e.g. in /proc/uptime)
really reflect how long the container is running and not how long the host is
running.
Prior to the implementation of cgroup namespaces by Serge Hallyn, LXCFS also
provided a container aware cgroupfs tree. It took care that the container
only had access to cgroups underneath its own cgroups and thus provided
additional safety. For systems without support for cgroup namespaces, LXCFS
will still provide this feature, but it is mostly considered deprecated.
LXCFS is split into a shared library (a libtool module, to be precise),
liblxcfs, and a simple binary, lxcfs. When upgrading to a newer version of
LXCFS, the lxcfs binary will not be restarted. Instead it will detect that
a new version of the shared library is available and will reload it using
dlclose(3) and dlopen(3). This design was chosen so that the fuse main loop
that LXCFS uses will not need to be restarted. If it were, then all containers
using LXCFS would need to be restarted, since they would otherwise be left
with broken fuse mounts.
To force a reload of the shared library at the next possible instance, simply
send SIGUSR1 to the pid of the running LXCFS process. This can be as simple
as doing:
kill -s USR1 $(pidof lxcfs)
To achieve smooth upgrades through shared library reloads, LXCFS also relies
on the fact that when dlclose(3) drops the last reference to the shared
library, destructors are run, and when dlopen(3) is called, constructors are
run. While this is true for glibc, it is not true for musl (see the section
Unloading libraries). So users of LXCFS on musl are advised to restart LXCFS
completely, along with all containers making use of it.
Build lxcfs as follows:
yum install fuse fuse-lib fuse-devel
git clone https://github.com/lxc/lxcfs
cd lxcfs
./bootstrap.sh
./configure
make
make install
The recommended command to run lxcfs is:
sudo mkdir -p /var/lib/lxcfs
sudo lxcfs /var/lib/lxcfs
A container runtime wishing to use LXCFS should then bind mount the
appropriate files into the correct places on container startup.
In order to use lxcfs with systemd-based containers, you can either use
LXC 1.1, in which case it should work automatically, or otherwise copy
the lxc.mount.hook and lxc.reboot.hook files (once built) from this tree to
/usr/share/lxcfs, make sure they are executable, then add the
following lines to your container configuration:
lxc.mount.auto = cgroup:mixed
lxc.autodev = 1
lxc.kmsg = 0
lxc.include = /usr/share/lxc/config/common.conf.d/00-lxcfs.conf
With Docker, bind mount the LXCFS files over the container's procfs entries:
docker run -it -m 256m --memory-swap 256m \
-v /var/lib/lxcfs/proc/cpuinfo:/proc/cpuinfo:rw \
-v /var/lib/lxcfs/proc/diskstats:/proc/diskstats:rw \
-v /var/lib/lxcfs/proc/meminfo:/proc/meminfo:rw \
-v /var/lib/lxcfs/proc/stat:/proc/stat:rw \
-v /var/lib/lxcfs/proc/swaps:/proc/swaps:rw \
-v /var/lib/lxcfs/proc/uptime:/proc/uptime:rw \
ubuntu:18.04 /bin/bash
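To confirm from inside a container that the bind mounts took effect, the check below reads a mount table in /proc/mounts format and prints each file from the list above that is not backed by lxcfs and therefore still shows host values. It is an added example, not part of the LXCFS project; the function names, the constructed sample mount table, and the assumption that LXCFS mounts appear with filesystem type fuse.lxcfs belong to this example.

```shell
#!/bin/sh
# Added example (not from the LXCFS tree): list the files LXCFS is meant to
# virtualise that are NOT served by lxcfs in a mount table read from stdin.

# Paths taken from the list of container-aware files on this page.
LXCFS_FILES="/proc/cpuinfo /proc/diskstats /proc/meminfo /proc/stat /proc/swaps /proc/uptime /sys/devices/system/cpu/online"

# missing_lxcfs_mounts < MOUNT_TABLE
# Input uses the /proc/mounts layout: device mountpoint fstype options 0 0.
# Prints every expected path whose topmost mount is not of type fuse.lxcfs
# (assumed fstype for LXCFS mounts). A later mount on the same path shadows
# an earlier one, so only the last entry per mountpoint counts.
missing_lxcfs_mounts() {
    awk -v want="$LXCFS_FILES" '
        { fstype[$2] = $3 }
        END {
            n = split(want, paths, " ")
            for (i = 1; i <= n; i++)
                if (fstype[paths[i]] != "fuse.lxcfs")
                    print paths[i]
        }'
}

# Constructed sample: a container where /proc/swaps and
# /sys/devices/system/cpu/online were not bind mounted from LXCFS.
sample_mounts() {
    cat <<'EOF'
overlay / overlay rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
lxcfs /proc/cpuinfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/diskstats fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/meminfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/stat fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/uptime fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
EOF
}

# Demo on the constructed sample; in a real container run:
#   missing_lxcfs_mounts < /proc/mounts
sample_mounts | missing_lxcfs_mounts
```

An empty result means every listed file is served by lxcfs; any path printed is still read from the host's procfs or sysfs.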
On a system with swap enabled, the parameter "-u" can be used to set all values in "meminfo" that refer to swap to 0.
sudo lxcfs -u /var/lib/lxcfs