2023.10.09

spiritlhl
2023-10-09 07:44:31 +00:00
parent 8e2053a83a
commit 95a07bc539
4 changed files with 6 additions and 2 deletions


@@ -14,7 +14,7 @@ Default use of debian system optional alpine system, each container comes with 1
The default creation of unprivileged containers, and does not mount and host docker daemon communication, so ** host created docker virtualization NAT servers can not be nested within the virtualization docker **
Since the CPU and memory limits are only applied to the host and the cgroup driver is not used in the container, using the server test script to detect the available resources of the container will not be effective, and the resources displayed will be those of the host.
By default, lxcfs is installed and enabled, so that when querying resources within a container, CPU and memory use the configured view instead of the host's view.
Since most cloud servers have ext4 filesystems, even xfs filesystems do not enable the pquota option, so **sharing the host's hard disk by default does not limit the disk size of each container**.
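Review bot: the new lxcfs sentence contradicts the sentence immediately before it in this hunk. "using the server test script to detect the available resources of the container will not be effective, and the resources displayed will be those of the host" is no longer true once the next line says lxcfs is installed and enabled by default, since lxcfs is exactly what makes CPU and memory queries inside the container return the configured view; either drop that sentence or rephrase it as the reason for lxcfs ("Without lxcfs, a test script run inside the container would report the host's resources, so lxcfs is installed and enabled by default ..."). The last line of the hunk is also hard to parse ("even xfs filesystems do not enable the pquota option"); "and even on xfs the pquota mount option is not enabled by default" is clearer, and the Chinese version of this line additionally names Docker's default storage driver, a clause the English file omits, so the two files should be kept in sync.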


@@ -27,6 +27,8 @@ PS: If the hardware resources are even worse, virtualization is not supported, y
- Support for docker nested virtualization of open LXC containers has been set up, and the default normal version and pure probe version use the debian11 system.
- lxcfs has been set to be enabled by default, so that querying resources within a container uses the configured view rather than the host's view
- Have blocked the container may be used to abuse the toolkit and IPV4 network TCP/UDP protocol ports ( 3389 8888 54321 65432 ), to prevent the container is used for scanning and blasting, and can be external process checking for problems automatically shut down
- Has supported one-click configuration of IPV6 addresses for LXC containers (provided that the mother hen has an IPV6 subnet, no IPV6 address is not configured), automatically adapted to the size of the subnet
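Review bot: the port-blocking line does not say in which direction or at which layer the ports are blocked. "IPV4 network TCP/UDP protocol ports ( 3389 8888 54321 65432 )" leaves a reader unsure whether these are inbound ports on the container, outbound destination ports from the container, or both, and whether the rule lives on the host or inside the container; since the stated purpose is to stop a container being used for scanning and brute-forcing, anyone auditing the setup needs that detail, so spell it out (for example "outbound TCP/UDP traffic from the container to ports 3389, 8888, 54321 and 65432 is dropped on the host"). Wording: "blasting" should be "brute-forcing", and "mother hen" in the following line should be "host", which is what the Chinese version of the same line (宿主机) says; "can be external process checking for problems automatically shut down" should read "an external checker process can stop the container automatically when a problem is detected".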


@@ -18,7 +18,7 @@ outline: deep
默认创建的是非特权容器且不挂载与宿主机的docker的守护进程之间的通信所以**宿主机创建的docker虚拟化的NAT服务器内无法再嵌套虚拟化docker**
由于只是在宿主机进行了CPU和内存的限制未在容器内使用cgroup驱动所以在容器内使用服务器测试脚本检测容器的可用资源是无效的显示的会是宿主机的资源
默认安装并启用lxcfs使得在容器内的查询资源时CPU和内存使用的是配置的视图而不是宿主机的视图
由于大部分云服务器是ext4文件系统docker默认的存储引擎是overlayfs2即便宿主机的文件系统是xfs默认也不会启用pquota选项所以**默认共享宿主机硬盘,无法限制每个容器的磁盘大小**
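Review bot: same contradiction as in the English file: the line stating that a server test script run inside the container is ineffective and shows the host's resources (在容器内使用服务器测试脚本检测容器的可用资源是无效的显示的会是宿主机的资源) is superseded by the next line, which says lxcfs is installed and enabled by default; qualify it as the behaviour without lxcfs or remove it. The last line of the hunk calls Docker's default storage engine "overlayfs2"; Docker's storage driver is named overlay2, so that spelling should be used here, and the English file should carry the same clause, which it currently drops. The long lines in this hunk also run several clauses together with no punctuation before 所以, which makes them hard to read; a comma or period between the cause and the conclusion would help.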


@@ -27,6 +27,8 @@ PS: 如果硬件资源更烂虚拟化不支持可使用docker版本的
- 已设置支持开出的LXC容器进行docker嵌套虚拟默认普通版本和纯探针版本使用debian11系统
- 已设置默认启用lxcfs使得在容器内的查询资源时使用的是配置的视图而不是宿主机的视图
- 已屏蔽容器内可能用于滥用的工具包和IPV4网络的TCP/UDP协议的端口( 3389 8888 54321 65432 ),以防止容器被用于扫描和爆破,且可外置进程检查有问题自动停机
- 已支持一键为LXC容器配置IPV6地址(前提是宿主机有IPV6子网无IPV6地址则不配置),自动适配子网大小
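Review bot: the port block is documented for IPv4 only (IPV4网络的TCP/UDP协议的端口) while the very next line adds one-click IPv6 addresses for the same containers; nothing in the hunk says the same ports are blocked over IPv6, so either the rule should cover IPv6 as well or the doc should state plainly that the block does not apply to IPv6 traffic. The same line should also say whether the ports are blocked inbound, outbound or both and where the rule is enforced (host or container), and "有问题自动停机" should state what condition the external checker process treats as a problem, so that operators know what triggers an automatic stop.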