On Fri, Nov 06, 2015 at 11:57:24AM +0100, Michal Hocko wrote: > On Thu 05-11-15 17:52:00, Johannes Weiner wrote: > > On Thu, Nov 05, 2015 at 03:55:22PM -0500, Johannes Weiner wrote: > > > On Thu, Nov 05, 2015 at 03:40:02PM +0100, Michal Hocko wrote: > > > > This would be true if they moved on to the new cgroup API intentionally. > > > > The reality is more complicated though. AFAIK sysmted is waiting for > > > > cgroup2 already and privileged services enable all available resource > > > > controllers by default as I've learned just recently. > > > > > > Have you filed a report with them? I don't think they should turn them > > > on unless users explicitely configure resource control for the unit. > > > > Okay, verified with systemd people that they're not planning on > > enabling resource control per default. > > > > Inflammatory half-truths, man. This is not constructive. > > What about Delegate=yes feature then? We have just been burnt by this > quite heavily. AFAIU nspawn@.service and nspawn@.service have this > enabled by default > http://lists.freedesktop.org/archives/systemd-commits/2014-November/007400.html That's when you launch a *container* and want it to be able to use nested resource control. We're talking about actual container users here. It's not turning on resource control for all "privileged services", which is what we were worried about here. Can you at least admit that when you yourself link to the refuting evidence? And if you've been "burnt quite heavily" by this, where is your bug report to stop other users from getting "burnt quite heavily" as well? All I read here is vague inflammatory language to spread FUD. You might think sending these emails is helpful, but it really isn't. Not only is it not contributing code, insights, or solutions, you're now actively sabotaging someone else's effort to build something. -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html