pseudofs: cgroup: various improvements #103
base: master
@CameronNemo thanks for this. I think I'm tracking what's going on here, and the general approach looks like it would solve the problems with running docker inside a linux container.
I take it back - this didn't seem to do the trick post-reboot.
@sbromberger one difference I see is that void-runit is using the nsdelegate option, and you do not appear to be doing so.
Sorry - a bit confused here. Where would I have made that change? (Oh - you mean my explicit mount in
@sbromberger See https://man.voidlinux.org/cgroups#CGROUPS_DELEGATION:_DELEGATING_A_HIERARCHY_TO_A_LESS_PRIVILEGED_USER
Not sure why specifying it would fail. Should be ignored in your case. Maybe try that option to see if it changes anything. Otherwise my patch here is probably broken for some reason.
Just to be clear - I haven't tried this PR yet. It's on my list.
OK. With these changes and with the
@leahneukirchen any thoughts on any of these changes?
Default to cgroup2
Attempt to mount cgroup2 in containers to support nesting
Mount the systemd tracking cgroup when using cgroup1
Closes void-linux#74
@sbromberger I made some changes, mainly just cleaning it up but basically doing the same thing. If you want to retest with the most recent changes, that would be helpful.
This should probably be met with an INSTALL.msg about the change. As soon as this is merged, we should bump the package noting that the default will change and people should configure hybrid mode explicitly if they need it, and then we can amend the message after cutting a release with this change.
Sorry for the delay. This, along with commenting out all but the last line in /etc/sv/docker/run, allows docker to run within containers with no issues whatsoever. Thanks, and Happy New Year!
It would be nice to be able to run docker inside a void lxc; right now I use debian lxcs for my docker hosts.
I'm starting to get breakage now in Podman due to things still hanging on to CGroupV1 while tools start removing support for it. This might be a good time to start pushing this through and migrate the default to CGroupv2. EDIT:
+1 for defaulting to CGROUP_MODE=unified
+1 for changing the default too
I'm fine to change the default, but still think we need an INSTALL.msg. |
Default to cgroup2
Attempt to mount cgroup2 in containers to support nesting
Mount the systemd tracking cgroup when using cgroup1
Closes #74
Former title: rough thoughts on cgroup1 and cgroup2
Former description:
cgroup1
the various container tool run scripts variably handle certain cases,
namely that of the systemd tracking cgroup.
i am actually not 100% confident on why that cgroup needs to be mounted,
but i imagine it has to do with the needs of systemd instances that may
be running in containers.
anyway supposedly it needed to be mounted at one point so the run
scripts would do it. but if the run scripts did it, it could not have
been that harmful. so just do it always. (in legacy/hybrid mode, which I
have not been using for some time).
cgroup2
alright so while we are at it default to pure-cgroup2 / "unified".
i don't know why anyone would want to use a hybrid. and i own a phev.
cgroup2 is just a better default. more compatible and future proof.
to top it off, start mounting cgroup2 when running in a container.
because LXD can not or will not do that for us, the container.
this actually ignores rc.conf completely. might need some work
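
A quick way to check what a boot or a retest actually produced, as an added example that is not part of this PR or of void-runit: the script classifies a mounts table as unified, hybrid or legacy and reports whether cgroup2 carries `nsdelegate` and whether a v1 `name=systemd` hierarchy is mounted. The sample tables and mount paths are constructed, and reading `name=systemd` as the "systemd tracking cgroup" is an assumption about what the PR mounts.

```sh
#!/bin/sh
# Added example: classify a cgroup layout from a mounts table on stdin
# (same columns as /proc/self/mounts: device mountpoint fstype options ...).

# has_opt FSTYPE OPTION: succeed if any mount of FSTYPE carries OPTION.
has_opt() {
    awk -v t="$1" -v want="$2" '
        $3 == t { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == want) hit = 1 }
        END { exit !hit }'
}

# cgroup_report: print "mode=<unified|hybrid|legacy|none> nsdelegate=<yes|no> systemd=<yes|no>".
cgroup_report() {
    table=$(cat)
    mode=$(printf '%s\n' "$table" | awk '
        $3 == "cgroup2" { v2 = 1 }
        $3 == "cgroup"  { v1 = 1 }
        END {
            if (v2 && v1) print "hybrid"
            else if (v2)  print "unified"
            else if (v1)  print "legacy"
            else          print "none"
        }')
    nsd=no; sysd=no
    # nsdelegate is a cgroup2 mount option; name=systemd is a named v1 hierarchy.
    printf '%s\n' "$table" | has_opt cgroup2 nsdelegate && nsd=yes
    printf '%s\n' "$table" | has_opt cgroup name=systemd && sysd=yes
    printf 'mode=%s nsdelegate=%s systemd=%s\n' "$mode" "$nsd" "$sysd"
}

# Constructed sample tables (assumed paths, not taken from the PR).
UNIFIED='cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate 0 0'
HYBRID='tmpfs /sys/fs/cgroup tmpfs rw,mode=755 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,relatime 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,relatime,name=systemd 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,relatime,memory 0 0'
LEGACY='cgroup /sys/fs/cgroup/memory cgroup rw,relatime,memory 0 0'

printf '%s\n' "$UNIFIED" | cgroup_report
printf '%s\n' "$HYBRID"  | cgroup_report
printf '%s\n' "$LEGACY"  | cgroup_report
```

On a live system, run `cgroup_report < /proc/self/mounts` on the host and again inside the container to compare the two views.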