Hello. (Sorry for a stitched mail below, I'm not subscribed to the ML so this is what I got from public archives. Please, keep me Cced.) On 10/24/22 13:54, Pavel Hrdina wrote: > I don't like this at all and IMO this is incorrect fix of the issue you > are trying to address. In hybrid mode with systemd the cgroup v2 > controller is not a real controller. It's something systemd uses for > process tracking and some other features. It is owned by systemd and we > should not touch it directly at all. I very much agree with this. Despite that I suggested the posted patch [1] because libvirt/lxc apparently violates systemd rules of exclusive access to cgroup hierarchies already. (At least that's how I understand the migration between libvirtd.service and target machine.slice/.../*.scope.) The patch is meant as a quick (and admittedly dirty) fix to the issue that users have been reporting with libvirt/lxc in the hybrid mode for several months. > We need to use proper systemd APIs to make any changes to that > directory or if needed ask systemd to create cgroup with Delegate=yes > which in this case is probably also not the correct approach. Yes, as I wrote in the commit message, there seems to be some inconsistency in what libvirt core vs libvirt/lxc uses to access cgroups. Using always systemd API would seem most consistent but I'd retain the current patch as a workaround provided it doesn't break things more (than the current state). On 10/24/22 13:28, Pavel Hrdina wrote: > What I've seen is that hybrid systemd environments have: > > /sys/fs/cgroup/unified > /sys/fs/cgroup/memory > /sys/fs/cgroup/blkio > ... > > but it doesn't mean that it is mounted in V1 cgroup filesystem. > > In this case the /sys/fs/cgroup is tmpfs filesystem and there is nothing > mounted over V1. As a more detailed explanation why the reversed order works: It relies on the tmpfs mount over the ro-path in the v1 virCgroupBindMount so that ../unified mount directory can be created for the v2 mount. (IIUC, this is related to the environment inside the container where libvirt/lxc attempts to prepare hybrid-like cgroup setup.) HTH, Michal [1] v1 in https://bugzilla.opensuse.org/show_bug.cgi?id=1183247#c35
Attachment:
signature.asc
Description: Digital signature
