On Sun, Sep 17, 2023 at 03:19:06PM +0800, Yafang Shao <laoar.shao@xxxxxxxxx> wrote: > The crucial issue at hand is not whether the LSM hooks are better > suited for the cgroup default hierarchy. What truly matters is the > effort and time required to migrate all cgroup1-based applications to > cgroup2-based ones. While transitioning a single component from > cgroup1-based to cgroup2-based is a straightforward task, the > complexity arises when multiple interdependent components in a > production environment necessitate this transition. In such cases, the > work becomes significantly challenging. systemd's hybrid mode is the approach helping such combined environments. (I understand that it's not warranted with all container runtimes but FYI.) On v1-only deployments BPF predicates couldn't be used at all currently. Transition is transitional but accompanying complexity in the code would have to be kept much longer. > Our objective is to enhance BPF support for controller-based > scenarios, eliminating the need to concern ourselves with hierarchies, > whether they involve cgroup1 or cgroup2. I'm posting some notes on this to the 1st patch. Regards, Michal
Attachment:
signature.asc
Description: PGP signature
