On 13/06/2024 10.27 pm, Lennart Poettering wrote:
On Do, 13.06.24 21:38, Mikhail Morfikov (mmorfikov@xxxxxxxxx) wrote:
I'm trying to make the 4 things (systemd, cgrupsv2, cgrulesengd, and nftables)
work together, but I think I'm missing something.
Is "cgrulesengd" interfering with the cgroup tree?
Sorry, but that's simply not supported. cgroupv2 has a single-writer
rule, i.e. every part of the tree has only a single writer, a single
manager. And you must delegate a subtree to other managers if a
different manager shall also manage cgroups.
Hence, if you have something that just takes systemd managed processes
and moves them elsewhere, it's simply not supported. Sorry, you voided
your warranty.
Lennart
--
Lennart Poettering, Berlin
I don't need any warranty, I need a way to make this work.
I'm not sure whether I understand the "single-writer rule", so correct me if I'm
wrong. I don't want to write pids to systemd services using cgrulesengd. I just
want to create my own cgroup tree, for instance /sys/fs/cgroup/morfikownia/ and I
want to place there all the processes managed by cgrulesengd (via the
/etc/cgrules.conf file). So systemd won't be touching anything inside
/sys/fs/cgroup/morfikownia/ and cgrulesengd won't be touching anything in the
rest of the cgroup tree -- is this "single-writer rule" ?
And you must delegate a subtree to other managers if a
different manager shall also manage cgroups.
How can this be done?
