cgroup2: split fs2 from fs #2169
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Test script: #!/bin/sh
x(){
echo + "$@"
"$@"
}
for runtime in /usr/local/bin/crun /usr/local/sbin/runc; do
echo "=== RUNTIME $runtime ==="
for manager in cgroupfs systemd; do
echo "= MANAGER $manager ="
x sudo podman --runtime=$runtime --cgroup-manager=$manager run -d --name tmp -v /:/host --device /dev/sda1 --cgroupns=host --pids-limit=10 alpine top
x sudo podman exec tmp cat /proc/self/cgroup
x sudo podman exec tmp sh -c 'echo should be 10; cat /sys/fs/cgroup$(cat /proc/self/cgroup | sed -e s/0:://g)/pids.max'
x sudo podman exec tmp sh -c 'echo should fail; hexdump -C /host/dev/sda | head -n 1'
x sudo podman exec tmp sh -c 'echo should succeed; hexdump -C /host/dev/sda1 | head -n 1'
x sudo podman rm -f tmp
done
echo "= MANAGER cgroupfs (rootless) ="
x podman --runtime=$runtime --cgroup-manager=cgroupfs run --rm --cgroupns=host alpine cat /proc/self/cgroup
# runc+systemd+rootless is not supported yet (#2163)
doneresult (working as expected): === RUNTIME /usr/local/bin/crun ===
= MANAGER cgroupfs =
+ sudo podman --runtime=/usr/local/bin/crun --cgroup-manager=cgroupfs run -d --name tmp -v /:/host --device /dev/sda1 --cgroupns=host --pids-limit=10 alpine top
5bd05442b7b72d4dbe16a8ded0c1c8ac1b2a2a22ca1f50363f23d66f2371347e
+ sudo podman exec tmp cat /proc/self/cgroup
0::/libpod_parent/libpod-5bd05442b7b72d4dbe16a8ded0c1c8ac1b2a2a22ca1f50363f23d66f2371347e
+ sudo podman exec tmp sh -c echo should be 10; cat /sys/fs/cgroup$(cat /proc/self/cgroup | sed -e s/0:://g)/pids.max
should be 10
10
+ sudo podman exec tmp sh -c echo should fail; hexdump -C /host/dev/sda | head -n 1
should fail
hexdump: /host/dev/sda: Operation not permitted
hexdump: /host/dev/sda: Bad file descriptor
+ sudo podman exec tmp sh -c echo should succeed; hexdump -C /host/dev/sda1 | head -n 1
should succeed
00000000 eb 58 90 6d 6b 66 73 2e 66 61 74 00 02 08 20 00 |.X.mkfs.fat... .|
+ sudo podman rm -f tmp
5bd05442b7b72d4dbe16a8ded0c1c8ac1b2a2a22ca1f50363f23d66f2371347e
= MANAGER systemd =
+ sudo podman --runtime=/usr/local/bin/crun --cgroup-manager=systemd run -d --name tmp -v /:/host --device /dev/sda1 --cgroupns=host --pids-limit=10 alpine top
b7f24f4c38258791ba7a7cccc2967e4e8bd3141c9043fb9755888d06e13dbee6
+ sudo podman exec tmp cat /proc/self/cgroup
0::/machine.slice/libpod-b7f24f4c38258791ba7a7cccc2967e4e8bd3141c9043fb9755888d06e13dbee6.scope
+ sudo podman exec tmp sh -c echo should be 10; cat /sys/fs/cgroup$(cat /proc/self/cgroup | sed -e s/0:://g)/pids.max
should be 10
10
+ sudo podman exec tmp sh -c echo should fail; hexdump -C /host/dev/sda | head -n 1
should fail
hexdump: /host/dev/sda: Operation not permitted
hexdump: /host/dev/sda: Bad file descriptor
+ sudo podman exec tmp sh -c echo should succeed; hexdump -C /host/dev/sda1 | head -n 1
should succeed
00000000 eb 58 90 6d 6b 66 73 2e 66 61 74 00 02 08 20 00 |.X.mkfs.fat... .|
+ sudo podman rm -f tmp
b7f24f4c38258791ba7a7cccc2967e4e8bd3141c9043fb9755888d06e13dbee6
= MANAGER cgroupfs (rootless) =
+ podman --runtime=/usr/local/bin/crun --cgroup-manager=cgroupfs run --rm --cgroupns=host alpine cat /proc/self/cgroup
0::/user.slice/user-1001.slice/[email protected]/user.slice/podman-40576.scope
=== RUNTIME /usr/local/sbin/runc ===
= MANAGER cgroupfs =
+ sudo podman --runtime=/usr/local/sbin/runc --cgroup-manager=cgroupfs run -d --name tmp -v /:/host --device /dev/sda1 --cgroupns=host --pids-limit=10 alpine top
d1ca9ac588f32ad168420348734ccf1323d8bdf37d8f1fcee33e0520fea40e28
+ sudo podman exec tmp cat /proc/self/cgroup
0::/libpod_parent/libpod-d1ca9ac588f32ad168420348734ccf1323d8bdf37d8f1fcee33e0520fea40e28
+ sudo podman exec tmp sh -c echo should be 10; cat /sys/fs/cgroup$(cat /proc/self/cgroup | sed -e s/0:://g)/pids.max
should be 10
10
+ sudo podman exec tmp sh -c echo should fail; hexdump -C /host/dev/sda | head -n 1
should fail
hexdump: /host/dev/sda: Operation not permitted
hexdump: /host/dev/sda: Bad file descriptor
+ sudo podman exec tmp sh -c echo should succeed; hexdump -C /host/dev/sda1 | head -n 1
should succeed
00000000 eb 58 90 6d 6b 66 73 2e 66 61 74 00 02 08 20 00 |.X.mkfs.fat... .|
+ sudo podman rm -f tmp
d1ca9ac588f32ad168420348734ccf1323d8bdf37d8f1fcee33e0520fea40e28
= MANAGER systemd =
+ sudo podman --runtime=/usr/local/sbin/runc --cgroup-manager=systemd run -d --name tmp -v /:/host --device /dev/sda1 --cgroupns=host --pids-limit=10 alpine top
e96d5cff6ac7a27cacd13bc24207c167e707b86bbdb42904a3b20659b3910ddf
+ sudo podman exec tmp cat /proc/self/cgroup
0::/machine.slice/libpod-e96d5cff6ac7a27cacd13bc24207c167e707b86bbdb42904a3b20659b3910ddf.scope
+ sudo podman exec tmp sh -c echo should be 10; cat /sys/fs/cgroup$(cat /proc/self/cgroup | sed -e s/0:://g)/pids.max
should be 10
10
+ sudo podman exec tmp sh -c echo should fail; hexdump -C /host/dev/sda | head -n 1
should fail
hexdump: /host/dev/sda: Operation not permitted
hexdump: /host/dev/sda: Bad file descriptor
+ sudo podman exec tmp sh -c echo should succeed; hexdump -C /host/dev/sda1 | head -n 1
should succeed
00000000 eb 58 90 6d 6b 66 73 2e 66 61 74 00 02 08 20 00 |.X.mkfs.fat... .|
+ sudo podman rm -f tmp
e96d5cff6ac7a27cacd13bc24207c167e707b86bbdb42904a3b20659b3910ddf
= MANAGER cgroupfs (rootless) =
+ podman --runtime=/usr/local/sbin/runc --cgroup-manager=cgroupfs run --rm --cgroupns=host alpine cat /proc/self/cgroup
0::/user.slice/user-1001.slice/[email protected]/user.slice/podman-41213.scope |
This was referenced Nov 8, 2019
|
@giuseppe @filbranden PTAL? This PR is large, but almost all changes are in |
|
Thanks @AkihiroSuda! I'm out this weekend and I'll be back on Tuesday. I'll give this PR my full attention when I'm back. Cheers, |
filbranden
approved these changes
Nov 20, 2019
There was a problem hiding this comment.
I tested this a bit and it works for me.
Also took a closer look at the code. Overall, everything looks good, I have a few nitpicks but mostly minor.
I really wonder about memory.high vs. memory.low, but looks like that's pre-existing, we can probably address that one in a follow up if needed.
Cheers!
Filipe
AkihiroSuda
force-pushed
the
split-fs
branch
2 times, most recently
from
bcea75a
to
2ddb057
Compare
split fs2 package from fs, as mixing up fs and fs2 is very likely to result in unmaintainable code. Inspired by containerd/cgroups#109 Fix opencontainers#2157 Signed-off-by: Akihiro Suda <[email protected]>
Signed-off-by: Akihiro Suda <[email protected]>
|
I guess the fix for #2175 should be split off from this PR (seeing that the CI is currently broken, resp. how long PRs can take to be reviewed)? |
|
I tried to do that, but it was hard because the v1 codes and the v2 codes are entangled complicatedly on the git master. |
AkihiroSuda
added a commit
to AkihiroSuda/runc
that referenced
this pull request
Dec 31, 2019
…#2169 gets merged) CI seems to have been broken due to some bad rebase during merging multiple cgroup2 PRs: opencontainers#2175 The failure is being fixed in opencontainers#2169, but still waiting for review. This PR updates .travis.yml to ignore the failure as a workaround until opencontainers#2169 gets merged. This PR can be closed if opencontainers#2169 can get merged right now (and that's even better). Signed-off-by: Akihiro Suda <[email protected]>
cyphar
reviewed
Jan 1, 2020
|
LGTM. I don't really have a setup that I can use to test this at the moment, but it looks fairly reasonable and cleans up quite a bit of the less-than-pretty parts of the cgroupv2 initial implementation. |
|
@mrunalp PTAL? |
|
LGTM |
AkihiroSuda
added a commit
to AkihiroSuda/runc
that referenced
this pull request
Jan 14, 2020
A new method was added to the cgroup interface when opencontainers#2177 was merged. After opencontainers#2177 got merged, opencontainers#2169 was merged without rebase (sorry!) and compilation was failing: libcontainer/cgroups/fs2/fs2.go:208:22: container.Cgroup undefined (type *configs.Config has no field or method Cgroup) Signed-off-by: Akihiro Suda <[email protected]>
|
follow-up: #2206 |
adrianreber
pushed a commit
to adrianreber/runc
that referenced
this pull request
Feb 10, 2020
A new method was added to the cgroup interface when opencontainers#2177 was merged. After opencontainers#2177 got merged, opencontainers#2169 was merged without rebase (sorry!) and compilation was failing: libcontainer/cgroups/fs2/fs2.go:208:22: container.Cgroup undefined (type *configs.Config has no field or method Cgroup) Signed-off-by: Akihiro Suda <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
split fs2 package from fs, as mixing up fs and fs2 is very likely to result in
unmaintainable code.
Inspired by containerd/cgroups#109
Fix #2157
Signed-off-by: Akihiro Suda [email protected]
This PR is large, but almost all changes are in
libcontainer/cgroups/fs2andlibcontainer/cgroups/systemd/unified_hierarchy.go.Other changes are just for deduplicating files across
cgroups/fsandcgroups/fs2.