| author | Tejun Heo <htejun@fb.com> | 2016-11-21 14:45:53 -0500 | 
|---|---|---|
| committer | Luke Shumaker <lukeshu@lukeshu.com> | 2017-06-16 17:04:25 -0400 | 
| commit | f15af46c06bedf46ffdc7e581f69e29beb79bc99 (patch) | |
| tree | 6e5034c08abaaa8b70ce001b6be30d4008fd6940 /src/nss-systemd | |
| parent | ae81fab1d9133f46d5c2d9243e796e9534cb715a (diff) | |
nspawn: fix cgroup mode detection

cgroup mode detection is broken in two different ways.

* detect_unified_cgroup_hierarchy() is called too nested in outer_child().
  sync_cgroup() which is used by run() also needs to know the requested cgroup
  mode but it's currently always getting CGROUP_UNIFIED_UNKNOWN.  This makes it
  skip syncing the inner cgroup hierarchy on some config combinations.

   $ cat /proc/self/cgroup | grep systemd
   1:name=systemd:/user.slice/user-0.slice/session-c1.scope
   $ UNIFIED_CGROUP_HIERARCHY=0 SYSTEMD_NSPAWN_USE_CGNS=0 systemd-nspawn -M container
   ...
   [root@container ~]# cat /proc/self/cgroup | grep systemd
   1:name=systemd:/machine.slice/machine-container.x86_64.scope
   $ exit
   $ UNIFIED_CGROUP_HIERARCHY=1 SYSTEMD_NSPAWN_USE_CGNS=0 systemd-nspawn -M container
   [root@container ~]# cat /proc/self/cgroup | grep 0::
   0::/
   $ exit

  Note how the unified hierarchy case's path is not synchronized with the host.
  This for example can cause issues when there are multiple such containers.

  Fixed by moving detect_unified_cgroup_hierarchy() invocation to main().

* inner_child() was invoking cg_unified_flush().  inner_child() executes fully
  scoped and can't determine which cgroup mode the host was in.  It doesn't
  make sense to keep flushing the detected mode when the host mode can't
  change.

  Fixed by replacing cg_unified_flush() invocations in outer_child() and
  inner_child() with one in main().

(cherry picked from commit bd15ab41a1347fed8266845f875842d1502e02a6)

Diffstat (limited to 'src/nss-systemd')
0 files changed, 0 insertions, 0 deletions
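
Added example, not part of this commit or of systemd: a shell check over `/proc/<pid>/cgroup` text that reports whether a container payload sits in its own cgroup or at the hierarchy root, the `0::/` symptom quoted in the commit message. The function and variable names are hypothetical, the sample lines are copied from the commit message, and the input is assumed to be read without a cgroup namespace (as with `SYSTEMD_NSPAWN_USE_CGNS=0` above), because inside a cgroup namespace `/` is the normal view.

```shell
#!/bin/sh
# Sample /proc/self/cgroup lines, taken from the commit message above.
HOST_SAMPLE='1:name=systemd:/user.slice/user-0.slice/session-c1.scope'
LEGACY_SAMPLE='1:name=systemd:/machine.slice/machine-container.x86_64.scope'
UNIFIED_SAMPLE='0::/'

# cgroup_path HIERARCHY  (reads /proc/<pid>/cgroup text on stdin)
# HIERARCHY is "unified" for the "0::" line, or a controller list such as
# "name=systemd". Prints the cgroup path; returns 1 if the hierarchy is absent.
cgroup_path() {
    want=$1
    while IFS= read -r line; do
        id=${line%%:*}        # field 1: hierarchy id
        rest=${line#*:}
        ctrl=${rest%%:*}      # field 2: controller list (empty on unified)
        path=${rest#*:}       # field 3: path, which may itself contain ':'
        if [ "$want" = unified ]; then
            if [ "$id" = 0 ] && [ -z "$ctrl" ]; then
                printf '%s\n' "$path"; return 0
            fi
        elif [ "$ctrl" = "$want" ]; then
            printf '%s\n' "$path"; return 0
        fi
    done
    return 1
}

# payload_synced HIERARCHY CGROUP_TEXT
# 0: payload is in its own cgroup, 1: payload is at "/", 2: hierarchy absent.
payload_synced() {
    p=$(printf '%s\n' "$2" | cgroup_path "$1") || return 2
    [ "$p" != / ]
}

# report HIERARCHY CGROUP_TEXT -> prints synced | at-root | absent
report() {
    if payload_synced "$1" "$2"; then
        echo synced
    else
        case $? in
            1) echo at-root ;;
            *) echo absent ;;
        esac
    fi
}

echo "legacy container:  $(report name=systemd "$LEGACY_SAMPLE")"
echo "unified container: $(report unified "$UNIFIED_SAMPLE")"
```

To check a running container from the host, feed `report` the contents of `/proc/<leader-pid>/cgroup` for the container's leader process.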
