I have noticed that containers see all cores when I inspect /sys/devices/system/cpu/online, even though they have been restricted to a single core. /proc/cpuinfo seems to be reporting correctly.

For example, I have a container test:

root@server:~# lxc exec test -- grep -c "processor" /proc/cpuinfo 
1

Which is the expected output. However.

root@server:~# lxc exec test -- cat /sys/devices/system/cpu/online
0-55

I tested this using the following snap installed versions of LXD:

• 3.0.4 (from the 3.0/stable channel)
• 3.16 (from the 3.16/stable channel)

More info from my server:

root@server:~# lsb_release -a 
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.3 LTS
Release:	18.04
Codename:	bionic
root@server:~# uname -a 
Linux v45 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
root@server:~# snap --version 
snap    2.40
snapd   2.40
series  16
ubuntu  18.04
kernel  4.15.0-58-generic

Seems like there was a merge in May 2019 to address this. The comments on this merge make it seem like this should be enabled by default.

I discovered this while setting up a Kubernetes cluster with Rancher where I used LXD containers as nodes and posted an issue in the rancher repo. Rancher seems to be using /sys/ to enumerate CPU and memory resources on nodes, which is why I need LXCFS to fix my problem.

I also posted about this on the LXD forum.

Please let me know if you need me to provide additional information.