cgroupsv2 adjustments #15
Makes cgroups/custom_cgroup variables global so that they could be easily shared by cg() and cgCleanup()
Not really necessary.. it proposes a "get-an-fs" workflow in a "clean-after-reboot" fashion
I assumed "thing" would just be tossed by Mount() and that we just needed a (/mytemp) location inside our container to use as a tmpfs
Since the "echo 1 > notify_on_release" feature from cgroupsv1 seems to have been abandoned in cgroupsv2 and (as far as I can tell from [*]) there is no "builtin" cleanup mechanism, I think that some extra Go code would be necessary: initially I thought about something employing "internal/poll", as the documentation suggested, but that would've been overcomplicating the PoC. Perhaps an explicit force-removal call, after run(), could be the simplest implementation. (That process check before the rmdir... maybe it's not something we really need.) [*] https://docs.kernel.org/admin-guide/cgroup-v2.html#un-populated-notification
It also leaves the file's mod unaltered
Hello @x7upLime, you closed this issue without it being merged. Any particular reason why? I am trying to get this to work as well and I am using your code as a reference. FWIW, I was using a busybox rootfs. I didn't see any items in /sys. I figured it was populated by systemd. I switched to an Ubuntu rootfs. I still don't see any items in /sys. I'll let you know if using your version of the code works.
Hmm. OK, here is the deal. I am using Linux kernel 5.x. If I use the code as is and tweak for mods similar to yours, I can create the files as you/she did. However, they have no effect on the number of processes. Alternatively, if I mount sysfs I can see a similar sys directory as I do on the host. That is good. What's bad is that the result is not modifiable. Here is mounting the filesystem but using interactive mode to attempt to write to it (despite it being mounted read/write). Here is the code for
Here is an example of the alternative method: not mounting sysfs, making the pids.max but not having any effect. Also note, I'm creating a max pid of 3, but I'm able to spawn bash 5 times. FWIW, this is writing to the actual rootfs image mounted as root. So if my rootfs/sys on host was originally just a mount point, doing without mounting sysfs means these writes are being done to the filesystem and not to memory/kernel. In this case,
Makes the proof of concept work for cgroupsv2 scenarios:
- Adjust the logic in the cg(), to reflect the new cgroupsv2 hierarchy
- Adds a cgroup-cleanup mechanism that would work for cgroupsv2.

...commits should tell more
Tied to #14
proposes solution to #10 (even though there is already one at the end of the thread)
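
An added example, not code from this pull request or the project: one way to guard the two failure modes discussed in the thread, a `pids.max` that lands on an ordinary filesystem and therefore limits nothing, and the explicit cgroups v2 cleanup after run(). The function names and the demo path are assumptions; `cgroup.events` and its `populated` key are the kernel interface described in the linked documentation.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

const cgroup2Magic = 0x63677270 // CGROUP2_SUPER_MAGIC from linux/magic.h

// onCgroup2 reports whether dir is backed by a cgroup2 mount (hypothetical helper).
func onCgroup2(dir string) bool {
	var st syscall.Statfs_t
	return syscall.Statfs(dir, &st) == nil && int64(st.Type) == cgroup2Magic
}

// setPidsMax writes the limit only if the kernel, not the rootfs, receives it.
func setPidsMax(cgDir string, max int) error {
	if !onCgroup2(cgDir) {
		return fmt.Errorf("%s is not on cgroup2: pids.max would be a plain file", cgDir)
	}
	return os.WriteFile(filepath.Join(cgDir, "pids.max"), []byte(fmt.Sprint(max)), 0644)
}

// populated parses the contents of cgroup.events ("populated 0\nfrozen 0\n").
func populated(events string) bool {
	for _, line := range strings.Split(events, "\n") {
		if f := strings.Fields(line); len(f) == 2 && f[0] == "populated" {
			return f[1] == "1"
		}
	}
	return false
}

// cleanup removes the cgroup after run() returns, refusing while it has live processes.
func cleanup(cgDir string) error {
	b, err := os.ReadFile(filepath.Join(cgDir, "cgroup.events"))
	if err != nil || populated(string(b)) {
		return fmt.Errorf("not removing %s: unreadable or populated (err=%v)", cgDir, err)
	}
	return syscall.Rmdir(cgDir) // rmdir is how a cgroup is deleted
}

func main() {
	fmt.Println("/sys/fs/cgroup on cgroup2:", onCgroup2("/sys/fs/cgroup"))
	fmt.Println("sample populated:", populated("populated 0\nfrozen 0\n")) // constructed sample
}
```

Run against a directory inside a rootfs image where no cgroup2 filesystem is mounted, `setPidsMax` returns an error instead of silently creating a file that has no effect on process counts.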