Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

idea: use CLONE_NEWCGROUP to fix racey cgroup assignment #2

Closed
shoenig opened this issue Sep 3, 2022 · 3 comments · Fixed by #36
Closed

idea: use CLONE_NEWCGROUP to fix racey cgroup assignment #2

shoenig opened this issue Sep 3, 2022 · 3 comments · Fixed by #36

Comments

@shoenig
Copy link
Owner

shoenig commented Sep 3, 2022

Instead of using a supervisor like the comment suggests, we should be able to just fork/exec the subprocess into
the cgroup created for it. Looks like this will be available in an upcoming version of Go

golang/go#51246
golang/go@3204e62

// Ideally we would fork a trusted helper, enter the cgroup ourselves, then
// exec into the user subprocess. This is fine for now.
return e.isolate()
@kolyshkin
Copy link

The proper link would be https://go.dev/cl/417695 (and the feature should be available in Go 1.20+).

Also please note this only works for cgroup v2 and requires Linux kernel >= v5.17.

@kolyshkin
Copy link

requires Linux kernel >= v5.17.

Just realized I made a typo, I meant Linux kernel >= 5.7 (released in June 2020).

Also, Go 1.20 is out :)

@shoenig
Copy link
Owner Author

shoenig commented Feb 8, 2023

Thanks @kolyshkin I should have time to pull this little project off the shelf again in the next couple of weeks. And also thanks for all the work you do!

shoenig added a commit that referenced this issue Apr 15, 2023
@shoenig
exec: clone task process directly into its cgroup
f33157e 
This PR changes the exec of the task child process to belong to its
own cgroup during its creation, fixing the race condition of moving
the PID into the cgroup after starting.

Adds new e2e test asserting the child process is launched in its own
cgroup.

Fixes #2
@shoenig shoenig mentioned this issue Apr 15, 2023
Merged
shoenig added a commit that referenced this issue Apr 15, 2023
@shoenig
exec: clone task process directly into its cgroup
fcc1868 
This PR changes the exec of the task child process to belong to its
own cgroup during its creation, fixing the race condition of moving
the PID into the cgroup after starting.

Adds new e2e test asserting the child process is launched in its own
cgroup.

Fixes #2
shoenig added a commit that referenced this issue Apr 15, 2023
@shoenig
exec: clone task process directly into its cgroup
d6fc385 
This PR changes the exec of the task child process to belong to its
own cgroup during its creation, fixing the race condition of moving
the PID into the cgroup after starting.

Adds new e2e test asserting the child process is launched in its own
cgroup.

Fixes #2
shoenig added a commit that referenced this issue Apr 15, 2023
@shoenig
exec: clone task process directly into its cgroup (#36)
2be5fb1 
This PR changes the exec of the task child process to belong to its
own cgroup during its creation, fixing the race condition of moving
the PID into the cgroup after starting.

Adds new e2e test asserting the child process is launched in its own
cgroup.

Fixes #2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

exec: clone task process directly into its cgroup shoenig/nomad-pledge-driver
2 participants
@shoenig @kolyshkin