> 2024年9月11日 03:32,Tejun Heo <tj@xxxxxxxxxx> 写道: > > On Tue, Sep 10, 2024 at 03:48:32PM +0800, Liu Song wrote: >> For the handling logic of child_quota, there is no need to distinguish >> between cgroup1 and cgroup2, so unify the handling logic here. >> >> Signed-off-by: Liu Song <liusong@xxxxxxxxxxxxxxxxx> > > It doens't make much sense to change the interface for cgroup1 at this > point. Let's please leave it as-is. > > Thanks. > > -- > tejun Hi In scenarios involving secure shared containers (like Kata), where containers are deployed on VMs and constrained by CPU runtime using quotas, the concept of vCPUs comes into play. If the CPU limit set by Kubernetes is less than the actual number of vCPUs, meaning the CPU count derived from the quota is less than the vCPU count, then when a user runs lscpu inside the container, the reported CPU count will be greater than the container's quota. If the user uses this reported count to calculate quota and attempts to set it for their own sub-container, it will result in an error under cgroup1, whereas the same operation will succeed under cgroup2. To avoid imposing extra learning costs on users, unifying the handling logic in this regard is still beneficial. Thanks
