[libvirt PATCH 00/15] RFC: basic CGroup support with qemu:///session

Marc-André Lureau marcandre.lureau at redhat.com
Tue Apr 7 10:48:26 UTC 2020


On Tue, Apr 7, 2020 at 10:55 AM Pavel Hrdina <phrdina at redhat.com> wrote:
> On Mon, Apr 06, 2020 at 11:26:57PM +0200, marcandre.lureau at redhat.com wrote:
> > From: Marc-André Lureau <marcandre.lureau at redhat.com>
> >
> > Hi,
> >
> > This is a small series that allows basic QEMU VM CGroup support with
> > the help of machined --user:
> > https://github.com/systemd/systemd/pull/15312
> >
> > The first few patches are fixes to register dbus and slirp-helper
> > correctly with the VM cgroup.
> >
> > A few changes are done to the machined support, adding session
> > support, and registering the VM to get a systemd scope cgroup under
> > user machine.slice.
> Hi,
> Before we start with anything I would like to know what is the
> motivation behind having CGroup support for session VMs?

My initial motivation was to have a way to group VM processes and kill
them altogether, because I tend to have a lot of them around after a

Given that systemd --user is very capable and based on
I thought that was probably the way to go.

> From the systemd pull request it looks like you would like to have
> session VMs under the /sys/fs/cgroup/machine.slice which is completely
> wrong as we should not mix system and session VMs under the same slice.

No, it is under user.slice, ex with this series:

   CGroup: /user.slice/user-1000.slice/user at 1000.service
           │ └─machine-qemu\x2delmarco\x2d1\x2dfedora.scope
           │   ├─24714 /usr/bin/swtpm socket --daemon --ctrl
--tpmstate dir=/home/elmarco/.config/libvirt/qemu/swtpm/053f84e7>
           │   ├─24716 /usr/bin/dbus-daemon
           │   ├─24719
/home/elmarco/src/libslirp-rs/target/debug/libslirp-helper --fd=27
           │   ├─24722 /usr/bin/qemu-system-x86_64 -name
guest=fedora,debug-threads=on -S -object
           │   └─emulator

> In addition it would not work because because you would use session
> D-Bus which would start machined under user running session VM and that
> user will not have permissions to do anything with the system
> machine.slice.  If a regular user wants to do anything with cgroups
> delegation has to be used and obviously we cannot delegate the system
> machine.slice, it would have to live in a different location and since
> the QEMU process is running under the specific user it would have to
> live within /sys/fs/cgroup/user.slice/user-1000.slice/user at 1000.service/
> where by default only memory and pids controllers are available.
> Delegation would have to be set in order to get other controllers as
> well and all of this would work only if cgroups v2 are used.

I thought delegation was required too, but I can't see any "Delegate="
in my user machine cgroup tree. (using systemctl --user show - note
that /machine.slice doesn't have Delegate set either)

But you can see that basic process management works fine with the
systemd series proposed.

Yes, this is certainly cgroups v2 only.


More information about the libvir-list mailing list