cgroupv2 support meta issue

[kolyshkin]

This is a list of cgroupv2 issues and PRs needed to make cgroupv2 a first-class citizen in runc. This is in addition to #2209.

Issue description	PR	Status
add integration tests	#2295	🟢 merged
use "max" for negative values	#2272, #2300	🟢 merged
don't try to set kmem for systemd case	#2270	🟢 merged
fix setting MemorySwap	#2288	🟢 merged
fix fs2 driver initialization	#2299	🟢 merged
#2298 fs2 driver does not work with default cgroups path	#2305	🟢 merged
#2287 runc --systemd-cgroup update does not update systemd scope	#2343	🟢 merged
refactor (remove v1 Paths from v2 code)	#2282, #2299, #2386, #2411	🟢 merged
#2351 port events to v2	#2352	🟢 merged
#2328 checkpoint of cgroup2 fs is not working	#2335	🟢 merged
#2313 runc --systemd-cgroup run: need to check that StartTransientUnit succeeds #2309 Check the error return from StopUnit() in UnifiedManager#Destroy()	#2331	🟢
#2163 support rootless systemd	#2281	🟢 merged
#2316 eBPF failure on s390x	#2381	🟢 merged
#2339 rootless: "open /sys/fs/cgroup/cgroup.subtree_control: permission denied"": unknown	#2340	🟢 merged
#2356 nest: move PID 1 process to non-initial cgroup?	#2416	🟢 merged
#2367 nest: revert "CreateCgroupPath: only enable needed controllers"?	#2395	🟢 merged
#2366 support updating devices	N/A	🔴 (Low priority, as rarely used)
#2403 nest: Manager.Destroy() should recursively delete subgroups	#2412	🟢 merged
#2563 Implement LinuxResources.Unified proposal	#2584	🟢 merged
#2602 change systemd drivers to use sub-cgroups	N/A	🔴

EDIT (by @AkihiroSuda ):

• runc supports cgroup v2 since v1.0.0-rc91
• The items with 🔴 are not required in most cases and not blockers toward v1.0.0 GA
• See also issues and PRs labeled with area/cgroupv2

[AkihiroSuda]

force use of systemd driver if system runs systemd

I'm not sure runc should force this, though Moby/Podman/containerd/CRI-O may force it.

[AkihiroSuda]

@kolyshkin Can we remove "force use of systemd driver if system runs systemd" ?

[kolyshkin]

Can we remove "force use of systemd driver if system runs systemd" ?

done

I think there's something that needs to be done here, but I'm not yet quite sure what. Maybe if systemd is running but is not used by runc, runc should check that the cgroup path we're operating on is not managed by systemd (i.e. this cgroup or its parents were not created by systemd).

Anyway, I need to think more about it. Removed for now.

[Werkov]

The systemd compatible way to use cgroupfs directly is if runc operates in a delegated cgroup.

[giuseppe]

GetOwnCgroup is currently not supported for cgroup v2. Do I open a new issue to track it?

[AkihiroSuda]

Yes please @giuseppe

[h-vetinari]

The list in the OP could probably use updating. Any (other) open topics here @kolyshkin @AkihiroSuda?

[AkihiroSuda]

Added opencontainers/runtime-spec#1040 to the list

[AkihiroSuda]

Can we close this? Keeping this issue open seems to give people false sense as if cgroup v2 support hadn't landed in.

We can still keep pinning this issue.

[DevDorrejo]

is support rootless of podman?