On Mon, Apr 06, 2020 at 11:26:57PM +0200, marcandre.lureau@xxxxxxxxxx wrote: > From: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> > > Hi, > > This is a small series that allows basic QEMU VM CGroup support with > the help of machined --user: > https://github.com/systemd/systemd/pull/15312 > > The first few patches are fixes to register dbus and slirp-helper > correctly with the VM cgroup. > > A few changes are done to the machined support, adding session > support, and registering the VM to get a systemd scope cgroup under > user machine.slice. Hi, Before we start with anything I would like to know what is the motivation behind having CGroup support for session VMs? >From the systemd pull request it looks like you would like to have session VMs under the /sys/fs/cgroup/machine.slice which is completely wrong as we should not mix system and session VMs under the same slice. In addition it would not work because because you would use session D-Bus which would start machined under user running session VM and that user will not have permissions to do anything with the system machine.slice. If a regular user wants to do anything with cgroups delegation has to be used and obviously we cannot delegate the system machine.slice, it would have to live in a different location and since the QEMU process is running under the specific user it would have to live within /sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/ where by default only memory and pids controllers are available. Delegation would have to be set in order to get other controllers as well and all of this would work only if cgroups v2 are used. Pavel
Attachment:
signature.asc
Description: PGP signature
