memory pressure documentation - requires CAP_SYS_RESOURCE #29723
Comments
|
ugh this is a pain, as it makes it impossible to run services using user namespaces, can that be reverted? |
|
actually turns out it's not, there's a bug, the cgroup maintainers will take care of it shortly thankfully |
bluca
added
not-a-bug
and removed
RFE 🎁
|
I'm very relieved. Thank you. |
|
fix in 6.7-rc2 under "sched: psi: fix unprivileged polling against cgroups" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Component
systemd
Is your feature request related to a problem? Please describe
Sorry to say, at the same time you where adding MEMORY_PRESSURE PSI path by environment variable, Google limited it to services with CAP_SYS_RESOURCE capabilities - https://lore.kernel.org/all/20230303011346.3342233-1-surenb@google.com/ (effectively same patch in kernel).
Describe the solution you'd like
Stopgap documentation update to say SYS_RESOURCE is needed.
Advance the idea of providing a AF_UNIX socket so pid with is super capabilities can act as a proxy for less capable(ity) services.
Describe alternatives you've considered
cap_sys_resource for the service and dropping it after the file is memory.pressure is open.
The systemd version you checked that didn't have the feature you are asking for
No response
The text was updated successfully, but these errors were encountered: