fix init.scope in cgroup paths #966
Conversation
sjenning
force-pushed
the
fix-initscope-cgroup-path
branch
from
6b0d79c
to
b71ffc8
Compare
|
The hardcoded string All the same, LGTM as a definite improvement over the existing state of things. Thanks! |
|
Rejected. The reason why we do this is because of the usecase where someone is running a container inside a container (currently we don't have support for the cgroup namespace, and there's no requirement that a user will use that namespace even if we did support it -- see #781). If you start joining cgroups at the root, things start to not go very well (systemd can't track the process anymore and it doesn't like that very much). Now, for the The issue you linked references that we should be using systemd to query the root of the cgroup hierarchy, not to ignore systemd in the systemd cgroup driver. I'd be okay with a change that does that. /cc @crosbymichael |
sjenning
force-pushed
the
fix-initscope-cgroup-path
branch
from
b71ffc8
to
92635f6
Compare
|
@cyphar thanks for explaining that. I have pushed a different possible fix. The idea is that if "init.scope" is in the initPath, we should remove it, and it will only every appear once at the end of the initPath. If pid 1 is not systemd, nothing changes. If pid 1 is systemd < 226, nothing changes. If pid 1 is systemd >= 226, "init.scope" is removed from the initPath. Does this work? |
|
@sjenning This sounds good to me. IMO, this is the least intrusive fix for now. |
|
LGTM |
|
@cyphar @crosbymichael @hqhq PTAL |
|
I'm wondering if we should use |
|
@cyphar I can do that. There should only ever be one occurrence of init.scope in the path but I can change it just to make it more self-documenting. |
Signed-off-by: Seth Jennings <sjenning@redhat.com>
sjenning
force-pushed
the
fix-initscope-cgroup-path
branch
from
92635f6
to
4b44b98
Compare
|
@cyphar updated PTAL. Also I think Jenkins flaked, might need someone retry that. |
|
I've kicked off the tests again. |
|
LGTM. |
|
LGTM |
Fixes #931
There was talk in the issue about using dbus to determine which cgroup contains systemd, but I'm not seeing how that is relevant. Seems like we just want to always start at the cgroup root.
@derekwaynecarr @vishh @euank @mrunalp