systemd 248 broke read-only /sys/fs/cgroup mount in docker #19245
Comments
hmm, this is between docker, your old container and your local configuration. What does host systemd have to do with that? I have no idea about docker, but they are pretty hostile towards systemd and still don't support cgroupsv2. Maybe take it up with them? Maybe your host runs cgroupsv2 now and docker fails on that? What's your mount table like? BTW, mucking around in /etc/systemd and /usr/lib/systemd looks really broken. systemd just works in reasonably not broken container managers, see https://systemd.io/CONTAINER_INTERFACE. Now, docker being its own thing ignores that, but I think you can easily make things match that document so that things just work for you too without patching around.
Good question, not pointing fingers at systemd specifically, just noticed that the systemd upgrade seems to have triggered it.
I will
The most practical workaround is to boot with
I will check this out, thanks
Btw docker is supposed to support cgroupsv2 since v20.10 "This release continues Docker’s investment in our community Engine adding multiple new features including support for cgroups V2" https://www.docker.com/blog/introducing-docker-engine-20-10/ This may also get relevant: https://serverfault.com/a/1054414/91453
btw, just bind mounting /sys/fs/cgroup hierarchy is never going to work if cgroup namespaces are used, since then the host view of /sys/fs/cgroup will be visible to the container, but /proc/$PID/cgroup will report the namespaced view, and things are then utterly broken. Hence, what you are doing is pretty fishy, and I am not sure this ever could work. Either way, I doubt there's anything for us to address here.
Anyway, let's close this here, bind mounting the hierarchy when cgroupns is used cannot work. It's a wonder this wasn't visible before. I also don't see how this is a systemd issue in the first place. Please follow up with docker. And drop the bind mount, unless you explicitly turn off cgroupns, too.
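The mismatch described in the comments above (the mounted /sys/fs/cgroup tree versus the path reported in /proc/$PID/cgroup) can be checked from inside a container. This is an added example, not part of the original thread and not systemd or docker code; it only handles the cgroup v2 entry (`0::`), and the function names, the `docker/abc` path and the sample trees are constructed for illustration.

```python
import os
import tempfile


def parse_proc_cgroup(text):
    """Split /proc/<pid>/cgroup lines ('ID:controllers:path') into tuples."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            hier_id, controllers, path = line.split(":", 2)
            entries.append((hier_id, controllers, path))
    return entries


def cgroup_view_consistent(proc_cgroup_text, pid, mount_root="/sys/fs/cgroup"):
    """True if the v2 path from /proc/<pid>/cgroup, resolved under mount_root,
    is a cgroup that lists pid; False if not; None if there is no v2 entry."""
    for hier_id, controllers, path in parse_proc_cgroup(proc_cgroup_text):
        if hier_id == "0" and controllers == "":
            procs = os.path.join(mount_root, path.lstrip("/"), "cgroup.procs")
            try:
                with open(procs) as fh:
                    members = {int(tok) for tok in fh.read().split()}
            except (OSError, ValueError):
                return False
            return pid in members
    return None


def demo():
    """Run the check against two constructed directory trees."""
    def write(path, body):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

    with tempfile.TemporaryDirectory() as tmp:
        # Constructed: mount root is the container's own cgroup (namespaced).
        ns = os.path.join(tmp, "namespaced")
        write(os.path.join(ns, "cgroup.procs"), "1\n42\n")
        # Constructed: host tree bind-mounted in; the container's cgroup
        # sits deeper, so "/" from /proc/1/cgroup points at the wrong node.
        host = os.path.join(tmp, "host")
        write(os.path.join(host, "cgroup.procs"), "0\n0\n")
        write(os.path.join(host, "docker/abc/cgroup.procs"), "1\n42\n")
        return {
            "namespaced": cgroup_view_consistent("0::/\n", 1, ns),
            "host_bind": cgroup_view_consistent("0::/\n", 1, host),
        }


if __name__ == "__main__":
    print(demo())
```

Inside a real container the same check is `cgroup_view_consistent(open("/proc/self/cgroup").read(), os.getpid())`.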
New systemd versions on the host break systemd on the container systemd/systemd#19245
My use case is about running systemd inside a docker container.
Starting with systemd 248 (as host systemd), mounting /sys/fs/cgroup read-only is not possible anymore.
Workarounds:
-v /sys/fs/cgroup:/sys/fs/cgroup:ro
but this contaminates the host cgroup, causing e.g. docker top to get confused:
The NEWS file mentions the following possibly related changes introduced in v248:
Any insight / advice / workarounds are welcome.
Used distribution
Arch Linux, kernel
5.11.11-arch1-1
Expected behaviour
With the following example Dockerfile:
On a systemd 247 host
Unexpected behaviour you saw
On a systemd 248 host:
CPU architecture issue was seen on
x86_64