Yafang Shao writes:
Cgroup v1 API is considered frozen with new features added only to v2.
The facilities support both cgroup v1 and cgroup v2, and what we need
to do is only exposing the interface.
If the cgroup v1 API is frozen, it will be a pity.
This might be true in the absolute purest technical sense, but not in a
practical one. Just exposing the memory protection interface without making it
comprehend v1's API semantics seems a bad move to me -- for example, how it
(and things like effective protections) interact without the no internal
process constraint, and certainly many many more things that nobody has
realised are not going to work yet.
And to that extent, you're really implicitly asking for a lot of work and
evaluation to be done on memory protections for an interface which is already
frozen. I'm quite strongly against that.
Because the interfaces between cgroup v1 and cgroup v2 are changed too
much, which is unacceptable by our customer.
The problem is that you're explicitly requesting to use functionality which
under the hood relies on that new interface while also requesting to not use
that new interface at the same time :-)
While it may superficially work without it, I'm sceptical that simply adding
memory.low and memory.min to the v1 hierarchy is going to end up with
reasonable results under scrutiny, or a coherent system or API.
